Inspection of "Use the master key by default" - nextcloud/server - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#5174)

by Björn

created 2017-07-05 15:05 UTC

Status

Indentation +681 added lines, -681 removed lines patch added patch discarded remove patch

@@ -38,685 +38,685 @@
 block discarded – undo
 
 class KeyManager {
 
-	/**
-	 * @var Session
-	 */
-	protected $session;
-	/**
-	 * @var IStorage
-	 */
-	private $keyStorage;
-	/**
-	 * @var Crypt
-	 */
-	private $crypt;
-	/**
-	 * @var string
-	 */
-	private $recoveryKeyId;
-	/**
-	 * @var string
-	 */
-	private $publicShareKeyId;
-	/**
-	 * @var string
-	 */
-	private $masterKeyId;
-	/**
-	 * @var string UserID
-	 */
-	private $keyId;
-	/**
-	 * @var string
-	 */
-	private $publicKeyId = 'publicKey';
-	/**
-	 * @var string
-	 */
-	private $privateKeyId = 'privateKey';
-
-	/**
-	 * @var string
-	 */
-	private $shareKeyId = 'shareKey';
-
-	/**
-	 * @var string
-	 */
-	private $fileKeyId = 'fileKey';
-	/**
-	 * @var IConfig
-	 */
-	private $config;
-	/**
-	 * @var ILogger
-	 */
-	private $log;
-	/**
-	 * @var Util
-	 */
-	private $util;
-
-	/**
-	 * @param IStorage $keyStorage
-	 * @param Crypt $crypt
-	 * @param IConfig $config
-	 * @param IUserSession $userSession
-	 * @param Session $session
-	 * @param ILogger $log
-	 * @param Util $util
-	 */
-	public function __construct(
-		IStorage $keyStorage,
-		Crypt $crypt,
-		IConfig $config,
-		IUserSession $userSession,
-		Session $session,
-		ILogger $log,
-		Util $util
-	) {
-
-		$this->util = $util;
-		$this->session = $session;
-		$this->keyStorage = $keyStorage;
-		$this->crypt = $crypt;
-		$this->config = $config;
-		$this->log = $log;
-
-		$this->recoveryKeyId = $this->config->getAppValue('encryption',
-			'recoveryKeyId');
-		if (empty($this->recoveryKeyId)) {
-			$this->recoveryKeyId = 'recoveryKey_' . substr(md5(time()), 0, 8);
-			$this->config->setAppValue('encryption',
-				'recoveryKeyId',
-				$this->recoveryKeyId);
-		}
-
-		$this->publicShareKeyId = $this->config->getAppValue('encryption',
-			'publicShareKeyId');
-		if (empty($this->publicShareKeyId)) {
-			$this->publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8);
-			$this->config->setAppValue('encryption', 'publicShareKeyId', $this->publicShareKeyId);
-		}
-
-		$this->masterKeyId = $this->config->getAppValue('encryption',
-			'masterKeyId');
-		if (empty($this->masterKeyId)) {
-			$this->masterKeyId = 'master_' . substr(md5(time()), 0, 8);
-			$this->config->setAppValue('encryption', 'masterKeyId', $this->masterKeyId);
-		}
-
-		$this->keyId = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false;
-		$this->log = $log;
-	}
-
-	/**
-	 * check if key pair for public link shares exists, if not we create one
-	 */
-	public function validateShareKey() {
-		$shareKey = $this->getPublicShareKey();
-		if (empty($shareKey)) {
-			$keyPair = $this->crypt->createKeyPair();
-
-			// Save public key
-			$this->keyStorage->setSystemUserKey(
-				$this->publicShareKeyId . '.publicKey', $keyPair['publicKey'],
-				Encryption::ID);
-
-			// Encrypt private key empty passphrase
-			$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], '');
-			$header = $this->crypt->generateHeader();
-			$this->setSystemPrivateKey($this->publicShareKeyId, $header . $encryptedKey);
-		}
-	}
-
-	/**
-	 * check if a key pair for the master key exists, if not we create one
-	 */
-	public function validateMasterKey() {
-
-		if ($this->util->isMasterKeyEnabled() === false) {
-			return;
-		}
-
-		$publicMasterKey = $this->getPublicMasterKey();
-		if (empty($publicMasterKey)) {
-			$keyPair = $this->crypt->createKeyPair();
-
-			// Save public key
-			$this->keyStorage->setSystemUserKey(
-				$this->masterKeyId . '.publicKey', $keyPair['publicKey'],
-				Encryption::ID);
-
-			// Encrypt private key with system password
-			$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $this->getMasterKeyPassword(), $this->masterKeyId);
-			$header = $this->crypt->generateHeader();
-			$this->setSystemPrivateKey($this->masterKeyId, $header . $encryptedKey);
-		}
-
-		if (!$this->session->isPrivateKeySet()) {
-			$masterKey = $this->getSystemPrivateKey($this->masterKeyId);
-			$decryptedMasterKey = $this->crypt->decryptPrivateKey($masterKey, $this->getMasterKeyPassword(), $this->masterKeyId);
-			$this->session->setPrivateKey($decryptedMasterKey);
-		}
-
-		// after the encryption key is available we are ready to go
-		$this->session->setStatus(Session::INIT_SUCCESSFUL);
-	}
-
-	/**
-	 * @return bool
-	 */
-	public function recoveryKeyExists() {
-		$key = $this->getRecoveryKey();
-		return (!empty($key));
-	}
-
-	/**
-	 * get recovery key
-	 *
-	 * @return string
-	 */
-	public function getRecoveryKey() {
-		return $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.publicKey', Encryption::ID);
-	}
-
-	/**
-	 * get recovery key ID
-	 *
-	 * @return string
-	 */
-	public function getRecoveryKeyId() {
-		return $this->recoveryKeyId;
-	}
-
-	/**
-	 * @param string $password
-	 * @return bool
-	 */
-	public function checkRecoveryPassword($password) {
-		$recoveryKey = $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.privateKey', Encryption::ID);
-		$decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey, $password);
-
-		if ($decryptedRecoveryKey) {
-			return true;
-		}
-		return false;
-	}
-
-	/**
-	 * @param string $uid
-	 * @param string $password
-	 * @param string $keyPair
-	 * @return bool
-	 */
-	public function storeKeyPair($uid, $password, $keyPair) {
-		// Save Public Key
-		$this->setPublicKey($uid, $keyPair['publicKey']);
-
-		$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $password, $uid);
-
-		$header = $this->crypt->generateHeader();
-
-		if ($encryptedKey) {
-			$this->setPrivateKey($uid, $header . $encryptedKey);
-			return true;
-		}
-		return false;
-	}
-
-	/**
-	 * @param string $password
-	 * @param array $keyPair
-	 * @return bool
-	 */
-	public function setRecoveryKey($password, $keyPair) {
-		// Save Public Key
-		$this->keyStorage->setSystemUserKey($this->getRecoveryKeyId().
-			'.publicKey',
-			$keyPair['publicKey'],
-			Encryption::ID);
-
-		$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $password);
-		$header = $this->crypt->generateHeader();
-
-		if ($encryptedKey) {
-			$this->setSystemPrivateKey($this->getRecoveryKeyId(), $header . $encryptedKey);
-			return true;
-		}
-		return false;
-	}
-
-	/**
-	 * @param $userId
-	 * @param $key
-	 * @return bool
-	 */
-	public function setPublicKey($userId, $key) {
-		return $this->keyStorage->setUserKey($userId, $this->publicKeyId, $key, Encryption::ID);
-	}
-
-	/**
-	 * @param $userId
-	 * @param string $key
-	 * @return bool
-	 */
-	public function setPrivateKey($userId, $key) {
-		return $this->keyStorage->setUserKey($userId,
-			$this->privateKeyId,
-			$key,
-			Encryption::ID);
-	}
-
-	/**
-	 * write file key to key storage
-	 *
-	 * @param string $path
-	 * @param string $key
-	 * @return boolean
-	 */
-	public function setFileKey($path, $key) {
-		return $this->keyStorage->setFileKey($path, $this->fileKeyId, $key, Encryption::ID);
-	}
-
-	/**
-	 * set all file keys (the file key and the corresponding share keys)
-	 *
-	 * @param string $path
-	 * @param array $keys
-	 */
-	public function setAllFileKeys($path, $keys) {
-		$this->setFileKey($path, $keys['data']);
-		foreach ($keys['keys'] as $uid => $keyFile) {
-			$this->setShareKey($path, $uid, $keyFile);
-		}
-	}
-
-	/**
-	 * write share key to the key storage
-	 *
-	 * @param string $path
-	 * @param string $uid
-	 * @param string $key
-	 * @return boolean
-	 */
-	public function setShareKey($path, $uid, $key) {
-		$keyId = $uid . '.' . $this->shareKeyId;
-		return $this->keyStorage->setFileKey($path, $keyId, $key, Encryption::ID);
-	}
-
-	/**
-	 * Decrypt private key and store it
-	 *
-	 * @param string $uid user id
-	 * @param string $passPhrase users password
-	 * @return boolean
-	 */
-	public function init($uid, $passPhrase) {
-
-		$this->session->setStatus(Session::INIT_EXECUTED);
-
-		try {
-			if($this->util->isMasterKeyEnabled()) {
-				$uid = $this->getMasterKeyId();
-				$passPhrase = $this->getMasterKeyPassword();
-				$privateKey = $this->getSystemPrivateKey($uid);
-			} else {
-				$privateKey = $this->getPrivateKey($uid);
-			}
-			$privateKey = $this->crypt->decryptPrivateKey($privateKey, $passPhrase, $uid);
-		} catch (PrivateKeyMissingException $e) {
-			return false;
-		} catch (DecryptionFailedException $e) {
-			return false;
-		} catch (\Exception $e) {
-			$this->log->warning(
-				'Could not decrypt the private key from user "' . $uid . '"" during login. ' .
-				'Assume password change on the user back-end. Error message: '
-				. $e->getMessage()
-			);
-			return false;
-		}
-
-		if ($privateKey) {
-			$this->session->setPrivateKey($privateKey);
-			$this->session->setStatus(Session::INIT_SUCCESSFUL);
-			return true;
-		}
-
-		return false;
-	}
-
-	/**
-	 * @param $userId
-	 * @return string
-	 * @throws PrivateKeyMissingException
-	 */
-	public function getPrivateKey($userId) {
-		$privateKey = $this->keyStorage->getUserKey($userId,
-			$this->privateKeyId, Encryption::ID);
-
-		if (strlen($privateKey) !== 0) {
-			return $privateKey;
-		}
-		throw new PrivateKeyMissingException($userId);
-	}
-
-	/**
-	 * @param string $path
-	 * @param $uid
-	 * @return string
-	 */
-	public function getFileKey($path, $uid) {
-		if ($uid === '') {
-			$uid = null;
-		}
-		$publicAccess = is_null($uid);
-		$encryptedFileKey = $this->keyStorage->getFileKey($path, $this->fileKeyId, Encryption::ID);
-
-		if (empty($encryptedFileKey)) {
-			return '';
-		}
-
-		if ($this->util->isMasterKeyEnabled()) {
-			$uid = $this->getMasterKeyId();
-			$shareKey = $this->getShareKey($path, $uid);
-			if ($publicAccess) {
-				$privateKey = $this->getSystemPrivateKey($uid);
-				$privateKey = $this->crypt->decryptPrivateKey($privateKey, $this->getMasterKeyPassword(), $uid);
-			} else {
-				// when logged in, the master key is already decrypted in the session
-				$privateKey = $this->session->getPrivateKey();
-			}
-		} else if ($publicAccess) {
-			// use public share key for public links
-			$uid = $this->getPublicShareKeyId();
-			$shareKey = $this->getShareKey($path, $uid);
-			$privateKey = $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.privateKey', Encryption::ID);
-			$privateKey = $this->crypt->decryptPrivateKey($privateKey);
-		} else {
-			$shareKey = $this->getShareKey($path, $uid);
-			$privateKey = $this->session->getPrivateKey();
-		}
-
-		if ($encryptedFileKey && $shareKey && $privateKey) {
-			return $this->crypt->multiKeyDecrypt($encryptedFileKey,
-				$shareKey,
-				$privateKey);
-		}
-
-		return '';
-	}
-
-	/**
-	 * Get the current version of a file
-	 *
-	 * @param string $path
-	 * @param View $view
-	 * @return int
-	 */
-	public function getVersion($path, View $view) {
-		$fileInfo = $view->getFileInfo($path);
-		if($fileInfo === false) {
-			return 0;
-		}
-		return $fileInfo->getEncryptedVersion();
-	}
-
-	/**
-	 * Set the current version of a file
-	 *
-	 * @param string $path
-	 * @param int $version
-	 * @param View $view
-	 */
-	public function setVersion($path, $version, View $view) {
-		$fileInfo= $view->getFileInfo($path);
-
-		if($fileInfo !== false) {
-			$cache = $fileInfo->getStorage()->getCache();
-			$cache->update($fileInfo->getId(), ['encrypted' => $version, 'encryptedVersion' => $version]);
-		}
-	}
-
-	/**
-	 * get the encrypted file key
-	 *
-	 * @param string $path
-	 * @return string
-	 */
-	public function getEncryptedFileKey($path) {
-		$encryptedFileKey = $this->keyStorage->getFileKey($path,
-			$this->fileKeyId, Encryption::ID);
-
-		return $encryptedFileKey;
-	}
-
-	/**
-	 * delete share key
-	 *
-	 * @param string $path
-	 * @param string $keyId
-	 * @return boolean
-	 */
-	public function deleteShareKey($path, $keyId) {
-		return $this->keyStorage->deleteFileKey(
-			$path,
-			$keyId . '.' . $this->shareKeyId,
-			Encryption::ID);
-	}
-
-
-	/**
-	 * @param $path
-	 * @param $uid
-	 * @return mixed
-	 */
-	public function getShareKey($path, $uid) {
-		$keyId = $uid . '.' . $this->shareKeyId;
-		return $this->keyStorage->getFileKey($path, $keyId, Encryption::ID);
-	}
-
-	/**
-	 * check if user has a private and a public key
-	 *
-	 * @param string $userId
-	 * @return bool
-	 * @throws PrivateKeyMissingException
-	 * @throws PublicKeyMissingException
-	 */
-	public function userHasKeys($userId) {
-		$privateKey = $publicKey = true;
-		$exception = null;
-
-		try {
-			$this->getPrivateKey($userId);
-		} catch (PrivateKeyMissingException $e) {
-			$privateKey = false;
-			$exception = $e;
-		}
-		try {
-			$this->getPublicKey($userId);
-		} catch (PublicKeyMissingException $e) {
-			$publicKey = false;
-			$exception = $e;
-		}
-
-		if ($privateKey && $publicKey) {
-			return true;
-		} elseif (!$privateKey && !$publicKey) {
-			return false;
-		} else {
-			throw $exception;
-		}
-	}
-
-	/**
-	 * @param $userId
-	 * @return mixed
-	 * @throws PublicKeyMissingException
-	 */
-	public function getPublicKey($userId) {
-		$publicKey = $this->keyStorage->getUserKey($userId, $this->publicKeyId, Encryption::ID);
-
-		if (strlen($publicKey) !== 0) {
-			return $publicKey;
-		}
-		throw new PublicKeyMissingException($userId);
-	}
-
-	public function getPublicShareKeyId() {
-		return $this->publicShareKeyId;
-	}
-
-	/**
-	 * get public key for public link shares
-	 *
-	 * @return string
-	 */
-	public function getPublicShareKey() {
-		return $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.publicKey', Encryption::ID);
-	}
-
-	/**
-	 * @param string $purpose
-	 * @param string $uid
-	 */
-	public function backupUserKeys($purpose, $uid) {
-		$this->keyStorage->backupUserKeys(Encryption::ID, $purpose, $uid);
-	}
-
-	/**
-	 * creat a backup of the users private and public key and then  delete it
-	 *
-	 * @param string $uid
-	 */
-	public function deleteUserKeys($uid) {
-		$this->deletePublicKey($uid);
-		$this->deletePrivateKey($uid);
-	}
-
-	/**
-	 * @param $uid
-	 * @return bool
-	 */
-	public function deletePublicKey($uid) {
-		return $this->keyStorage->deleteUserKey($uid, $this->publicKeyId, Encryption::ID);
-	}
-
-	/**
-	 * @param string $uid
-	 * @return bool
-	 */
-	private function deletePrivateKey($uid) {
-		return $this->keyStorage->deleteUserKey($uid, $this->privateKeyId, Encryption::ID);
-	}
-
-	/**
-	 * @param string $path
-	 * @return bool
-	 */
-	public function deleteAllFileKeys($path) {
-		return $this->keyStorage->deleteAllFileKeys($path);
-	}
-
-	/**
-	 * @param array $userIds
-	 * @return array
-	 * @throws PublicKeyMissingException
-	 */
-	public function getPublicKeys(array $userIds) {
-		$keys = [];
-
-		foreach ($userIds as $userId) {
-			try {
-				$keys[$userId] = $this->getPublicKey($userId);
-			} catch (PublicKeyMissingException $e) {
-				continue;
-			}
-		}
-
-		return $keys;
-
-	}
-
-	/**
-	 * @param string $keyId
-	 * @return string returns openssl key
-	 */
-	public function getSystemPrivateKey($keyId) {
-		return $this->keyStorage->getSystemUserKey($keyId . '.' . $this->privateKeyId, Encryption::ID);
-	}
-
-	/**
-	 * @param string $keyId
-	 * @param string $key
-	 * @return string returns openssl key
-	 */
-	public function setSystemPrivateKey($keyId, $key) {
-		return $this->keyStorage->setSystemUserKey(
-			$keyId . '.' . $this->privateKeyId,
-			$key,
-			Encryption::ID);
-	}
-
-	/**
-	 * add system keys such as the public share key and the recovery key
-	 *
-	 * @param array $accessList
-	 * @param array $publicKeys
-	 * @param string $uid
-	 * @return array
-	 * @throws PublicKeyMissingException
-	 */
-	public function addSystemKeys(array $accessList, array $publicKeys, $uid) {
-		if (!empty($accessList['public'])) {
-			$publicShareKey = $this->getPublicShareKey();
-			if (empty($publicShareKey)) {
-				throw new PublicKeyMissingException($this->getPublicShareKeyId());
-			}
-			$publicKeys[$this->getPublicShareKeyId()] = $publicShareKey;
-		}
-
-		if ($this->recoveryKeyExists() &&
-			$this->util->isRecoveryEnabledForUser($uid)) {
-
-			$publicKeys[$this->getRecoveryKeyId()] = $this->getRecoveryKey();
-		}
-
-		return $publicKeys;
-	}
-
-	/**
-	 * get master key password
-	 *
-	 * @return string
-	 * @throws \Exception
-	 */
-	public function getMasterKeyPassword() {
-		$password = $this->config->getSystemValue('secret');
-		if (empty($password)){
-			throw new \Exception('Can not get secret from Nextcloud instance');
-		}
-
-		return $password;
-	}
-
-	/**
-	 * return master key id
-	 *
-	 * @return string
-	 */
-	public function getMasterKeyId() {
-		return $this->masterKeyId;
-	}
-
-	/**
-	 * get public master key
-	 *
-	 * @return string
-	 */
-	public function getPublicMasterKey() {
-		return $this->keyStorage->getSystemUserKey($this->masterKeyId . '.publicKey', Encryption::ID);
-	}
+    /**
+     * @var Session
+     */
+    protected $session;
+    /**
+     * @var IStorage
+     */
+    private $keyStorage;
+    /**
+     * @var Crypt
+     */
+    private $crypt;
+    /**
+     * @var string
+     */
+    private $recoveryKeyId;
+    /**
+     * @var string
+     */
+    private $publicShareKeyId;
+    /**
+     * @var string
+     */
+    private $masterKeyId;
+    /**
+     * @var string UserID
+     */
+    private $keyId;
+    /**
+     * @var string
+     */
+    private $publicKeyId = 'publicKey';
+    /**
+     * @var string
+     */
+    private $privateKeyId = 'privateKey';
+
+    /**
+     * @var string
+     */
+    private $shareKeyId = 'shareKey';
+
+    /**
+     * @var string
+     */
+    private $fileKeyId = 'fileKey';
+    /**
+     * @var IConfig
+     */
+    private $config;
+    /**
+     * @var ILogger
+     */
+    private $log;
+    /**
+     * @var Util
+     */
+    private $util;
+
+    /**
+     * @param IStorage $keyStorage
+     * @param Crypt $crypt
+     * @param IConfig $config
+     * @param IUserSession $userSession
+     * @param Session $session
+     * @param ILogger $log
+     * @param Util $util
+     */
+    public function __construct(
+        IStorage $keyStorage,
+        Crypt $crypt,
+        IConfig $config,
+        IUserSession $userSession,
+        Session $session,
+        ILogger $log,
+        Util $util
+    ) {
+
+        $this->util = $util;
+        $this->session = $session;
+        $this->keyStorage = $keyStorage;
+        $this->crypt = $crypt;
+        $this->config = $config;
+        $this->log = $log;
+
+        $this->recoveryKeyId = $this->config->getAppValue('encryption',
+            'recoveryKeyId');
+        if (empty($this->recoveryKeyId)) {
+            $this->recoveryKeyId = 'recoveryKey_' . substr(md5(time()), 0, 8);
+            $this->config->setAppValue('encryption',
+                'recoveryKeyId',
+                $this->recoveryKeyId);
+        }
+
+        $this->publicShareKeyId = $this->config->getAppValue('encryption',
+            'publicShareKeyId');
+        if (empty($this->publicShareKeyId)) {
+            $this->publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8);
+            $this->config->setAppValue('encryption', 'publicShareKeyId', $this->publicShareKeyId);
+        }
+
+        $this->masterKeyId = $this->config->getAppValue('encryption',
+            'masterKeyId');
+        if (empty($this->masterKeyId)) {
+            $this->masterKeyId = 'master_' . substr(md5(time()), 0, 8);
+            $this->config->setAppValue('encryption', 'masterKeyId', $this->masterKeyId);
+        }
+
+        $this->keyId = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false;
+        $this->log = $log;
+    }
+
+    /**
+     * check if key pair for public link shares exists, if not we create one
+     */
+    public function validateShareKey() {
+        $shareKey = $this->getPublicShareKey();
+        if (empty($shareKey)) {
+            $keyPair = $this->crypt->createKeyPair();
+
+            // Save public key
+            $this->keyStorage->setSystemUserKey(
+                $this->publicShareKeyId . '.publicKey', $keyPair['publicKey'],
+                Encryption::ID);
+
+            // Encrypt private key empty passphrase
+            $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], '');
+            $header = $this->crypt->generateHeader();
+            $this->setSystemPrivateKey($this->publicShareKeyId, $header . $encryptedKey);
+        }
+    }
+
+    /**
+     * check if a key pair for the master key exists, if not we create one
+     */
+    public function validateMasterKey() {
+
+        if ($this->util->isMasterKeyEnabled() === false) {
+            return;
+        }
+
+        $publicMasterKey = $this->getPublicMasterKey();
+        if (empty($publicMasterKey)) {
+            $keyPair = $this->crypt->createKeyPair();
+
+            // Save public key
+            $this->keyStorage->setSystemUserKey(
+                $this->masterKeyId . '.publicKey', $keyPair['publicKey'],
+                Encryption::ID);
+
+            // Encrypt private key with system password
+            $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $this->getMasterKeyPassword(), $this->masterKeyId);
+            $header = $this->crypt->generateHeader();
+            $this->setSystemPrivateKey($this->masterKeyId, $header . $encryptedKey);
+        }
+
+        if (!$this->session->isPrivateKeySet()) {
+            $masterKey = $this->getSystemPrivateKey($this->masterKeyId);
+            $decryptedMasterKey = $this->crypt->decryptPrivateKey($masterKey, $this->getMasterKeyPassword(), $this->masterKeyId);
+            $this->session->setPrivateKey($decryptedMasterKey);
+        }
+
+        // after the encryption key is available we are ready to go
+        $this->session->setStatus(Session::INIT_SUCCESSFUL);
+    }
+
+    /**
+     * @return bool
+     */
+    public function recoveryKeyExists() {
+        $key = $this->getRecoveryKey();
+        return (!empty($key));
+    }
+
+    /**
+     * get recovery key
+     *
+     * @return string
+     */
+    public function getRecoveryKey() {
+        return $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.publicKey', Encryption::ID);
+    }
+
+    /**
+     * get recovery key ID
+     *
+     * @return string
+     */
+    public function getRecoveryKeyId() {
+        return $this->recoveryKeyId;
+    }
+
+    /**
+     * @param string $password
+     * @return bool
+     */
+    public function checkRecoveryPassword($password) {
+        $recoveryKey = $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.privateKey', Encryption::ID);
+        $decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey, $password);
+
+        if ($decryptedRecoveryKey) {
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * @param string $uid
+     * @param string $password
+     * @param string $keyPair
+     * @return bool
+     */
+    public function storeKeyPair($uid, $password, $keyPair) {
+        // Save Public Key
+        $this->setPublicKey($uid, $keyPair['publicKey']);
+
+        $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $password, $uid);
+
+        $header = $this->crypt->generateHeader();
+
+        if ($encryptedKey) {
+            $this->setPrivateKey($uid, $header . $encryptedKey);
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * @param string $password
+     * @param array $keyPair
+     * @return bool
+     */
+    public function setRecoveryKey($password, $keyPair) {
+        // Save Public Key
+        $this->keyStorage->setSystemUserKey($this->getRecoveryKeyId().
+            '.publicKey',
+            $keyPair['publicKey'],
+            Encryption::ID);
+
+        $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $password);
+        $header = $this->crypt->generateHeader();
+
+        if ($encryptedKey) {
+            $this->setSystemPrivateKey($this->getRecoveryKeyId(), $header . $encryptedKey);
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * @param $userId
+     * @param $key
+     * @return bool
+     */
+    public function setPublicKey($userId, $key) {
+        return $this->keyStorage->setUserKey($userId, $this->publicKeyId, $key, Encryption::ID);
+    }
+
+    /**
+     * @param $userId
+     * @param string $key
+     * @return bool
+     */
+    public function setPrivateKey($userId, $key) {
+        return $this->keyStorage->setUserKey($userId,
+            $this->privateKeyId,
+            $key,
+            Encryption::ID);
+    }
+
+    /**
+     * write file key to key storage
+     *
+     * @param string $path
+     * @param string $key
+     * @return boolean
+     */
+    public function setFileKey($path, $key) {
+        return $this->keyStorage->setFileKey($path, $this->fileKeyId, $key, Encryption::ID);
+    }
+
+    /**
+     * set all file keys (the file key and the corresponding share keys)
+     *
+     * @param string $path
+     * @param array $keys
+     */
+    public function setAllFileKeys($path, $keys) {
+        $this->setFileKey($path, $keys['data']);
+        foreach ($keys['keys'] as $uid => $keyFile) {
+            $this->setShareKey($path, $uid, $keyFile);
+        }
+    }
+
+    /**
+     * write share key to the key storage
+     *
+     * @param string $path
+     * @param string $uid
+     * @param string $key
+     * @return boolean
+     */
+    public function setShareKey($path, $uid, $key) {
+        $keyId = $uid . '.' . $this->shareKeyId;
+        return $this->keyStorage->setFileKey($path, $keyId, $key, Encryption::ID);
+    }
+
+    /**
+     * Decrypt private key and store it
+     *
+     * @param string $uid user id
+     * @param string $passPhrase users password
+     * @return boolean
+     */
+    public function init($uid, $passPhrase) {
+
+        $this->session->setStatus(Session::INIT_EXECUTED);
+
+        try {
+            if($this->util->isMasterKeyEnabled()) {
+                $uid = $this->getMasterKeyId();
+                $passPhrase = $this->getMasterKeyPassword();
+                $privateKey = $this->getSystemPrivateKey($uid);
+            } else {
+                $privateKey = $this->getPrivateKey($uid);
+            }
+            $privateKey = $this->crypt->decryptPrivateKey($privateKey, $passPhrase, $uid);
+        } catch (PrivateKeyMissingException $e) {
+            return false;
+        } catch (DecryptionFailedException $e) {
+            return false;
+        } catch (\Exception $e) {
+            $this->log->warning(
+                'Could not decrypt the private key from user "' . $uid . '"" during login. ' .
+                'Assume password change on the user back-end. Error message: '
+                . $e->getMessage()
+            );
+            return false;
+        }
+
+        if ($privateKey) {
+            $this->session->setPrivateKey($privateKey);
+            $this->session->setStatus(Session::INIT_SUCCESSFUL);
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * @param $userId
+     * @return string
+     * @throws PrivateKeyMissingException
+     */
+    public function getPrivateKey($userId) {
+        $privateKey = $this->keyStorage->getUserKey($userId,
+            $this->privateKeyId, Encryption::ID);
+
+        if (strlen($privateKey) !== 0) {
+            return $privateKey;
+        }
+        throw new PrivateKeyMissingException($userId);
+    }
+
+    /**
+     * @param string $path
+     * @param $uid
+     * @return string
+     */
+    public function getFileKey($path, $uid) {
+        if ($uid === '') {
+            $uid = null;
+        }
+        $publicAccess = is_null($uid);
+        $encryptedFileKey = $this->keyStorage->getFileKey($path, $this->fileKeyId, Encryption::ID);
+
+        if (empty($encryptedFileKey)) {
+            return '';
+        }
+
+        if ($this->util->isMasterKeyEnabled()) {
+            $uid = $this->getMasterKeyId();
+            $shareKey = $this->getShareKey($path, $uid);
+            if ($publicAccess) {
+                $privateKey = $this->getSystemPrivateKey($uid);
+                $privateKey = $this->crypt->decryptPrivateKey($privateKey, $this->getMasterKeyPassword(), $uid);
+            } else {
+                // when logged in, the master key is already decrypted in the session
+                $privateKey = $this->session->getPrivateKey();
+            }
+        } else if ($publicAccess) {
+            // use public share key for public links
+            $uid = $this->getPublicShareKeyId();
+            $shareKey = $this->getShareKey($path, $uid);
+            $privateKey = $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.privateKey', Encryption::ID);
+            $privateKey = $this->crypt->decryptPrivateKey($privateKey);
+        } else {
+            $shareKey = $this->getShareKey($path, $uid);
+            $privateKey = $this->session->getPrivateKey();
+        }
+
+        if ($encryptedFileKey && $shareKey && $privateKey) {
+            return $this->crypt->multiKeyDecrypt($encryptedFileKey,
+                $shareKey,
+                $privateKey);
+        }
+
+        return '';
+    }
+
+    /**
+     * Get the current version of a file
+     *
+     * @param string $path
+     * @param View $view
+     * @return int
+     */
+    public function getVersion($path, View $view) {
+        $fileInfo = $view->getFileInfo($path);
+        if($fileInfo === false) {
+            return 0;
+        }
+        return $fileInfo->getEncryptedVersion();
+    }
+
+    /**
+     * Set the current version of a file
+     *
+     * @param string $path
+     * @param int $version
+     * @param View $view
+     */
+    public function setVersion($path, $version, View $view) {
+        $fileInfo= $view->getFileInfo($path);
+
+        if($fileInfo !== false) {
+            $cache = $fileInfo->getStorage()->getCache();
+            $cache->update($fileInfo->getId(), ['encrypted' => $version, 'encryptedVersion' => $version]);
+        }
+    }
+
+    /**
+     * get the encrypted file key
+     *
+     * @param string $path
+     * @return string
+     */
+    public function getEncryptedFileKey($path) {
+        $encryptedFileKey = $this->keyStorage->getFileKey($path,
+            $this->fileKeyId, Encryption::ID);
+
+        return $encryptedFileKey;
+    }
+
+    /**
+     * delete share key
+     *
+     * @param string $path
+     * @param string $keyId
+     * @return boolean
+     */
+    public function deleteShareKey($path, $keyId) {
+        return $this->keyStorage->deleteFileKey(
+            $path,
+            $keyId . '.' . $this->shareKeyId,
+            Encryption::ID);
+    }
+
+
+    /**
+     * @param $path
+     * @param $uid
+     * @return mixed
+     */
+    public function getShareKey($path, $uid) {
+        $keyId = $uid . '.' . $this->shareKeyId;
+        return $this->keyStorage->getFileKey($path, $keyId, Encryption::ID);
+    }
+
+    /**
+     * check if user has a private and a public key
+     *
+     * @param string $userId
+     * @return bool
+     * @throws PrivateKeyMissingException
+     * @throws PublicKeyMissingException
+     */
+    public function userHasKeys($userId) {
+        $privateKey = $publicKey = true;
+        $exception = null;
+
+        try {
+            $this->getPrivateKey($userId);
+        } catch (PrivateKeyMissingException $e) {
+            $privateKey = false;
+            $exception = $e;
+        }
+        try {
+            $this->getPublicKey($userId);
+        } catch (PublicKeyMissingException $e) {
+            $publicKey = false;
+            $exception = $e;
+        }
+
+        if ($privateKey && $publicKey) {
+            return true;
+        } elseif (!$privateKey && !$publicKey) {
+            return false;
+        } else {
+            throw $exception;
+        }
+    }
+
+    /**
+     * @param $userId
+     * @return mixed
+     * @throws PublicKeyMissingException
+     */
+    public function getPublicKey($userId) {
+        $publicKey = $this->keyStorage->getUserKey($userId, $this->publicKeyId, Encryption::ID);
+
+        if (strlen($publicKey) !== 0) {
+            return $publicKey;
+        }
+        throw new PublicKeyMissingException($userId);
+    }
+
+    public function getPublicShareKeyId() {
+        return $this->publicShareKeyId;
+    }
+
+    /**
+     * get public key for public link shares
+     *
+     * @return string
+     */
+    public function getPublicShareKey() {
+        return $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.publicKey', Encryption::ID);
+    }
+
+    /**
+     * @param string $purpose
+     * @param string $uid
+     */
+    public function backupUserKeys($purpose, $uid) {
+        $this->keyStorage->backupUserKeys(Encryption::ID, $purpose, $uid);
+    }
+
+    /**
+     * creat a backup of the users private and public key and then  delete it
+     *
+     * @param string $uid
+     */
+    public function deleteUserKeys($uid) {
+        $this->deletePublicKey($uid);
+        $this->deletePrivateKey($uid);
+    }
+
+    /**
+     * @param $uid
+     * @return bool
+     */
+    public function deletePublicKey($uid) {
+        return $this->keyStorage->deleteUserKey($uid, $this->publicKeyId, Encryption::ID);
+    }
+
+    /**
+     * @param string $uid
+     * @return bool
+     */
+    private function deletePrivateKey($uid) {
+        return $this->keyStorage->deleteUserKey($uid, $this->privateKeyId, Encryption::ID);
+    }
+
+    /**
+     * @param string $path
+     * @return bool
+     */
+    public function deleteAllFileKeys($path) {
+        return $this->keyStorage->deleteAllFileKeys($path);
+    }
+
+    /**
+     * @param array $userIds
+     * @return array
+     * @throws PublicKeyMissingException
+     */
+    public function getPublicKeys(array $userIds) {
+        $keys = [];
+
+        foreach ($userIds as $userId) {
+            try {
+                $keys[$userId] = $this->getPublicKey($userId);
+            } catch (PublicKeyMissingException $e) {
+                continue;
+            }
+        }
+
+        return $keys;
+
+    }
+
+    /**
+     * @param string $keyId
+     * @return string returns openssl key
+     */
+    public function getSystemPrivateKey($keyId) {
+        return $this->keyStorage->getSystemUserKey($keyId . '.' . $this->privateKeyId, Encryption::ID);
+    }
+
+    /**
+     * @param string $keyId
+     * @param string $key
+     * @return string returns openssl key
+     */
+    public function setSystemPrivateKey($keyId, $key) {
+        return $this->keyStorage->setSystemUserKey(
+            $keyId . '.' . $this->privateKeyId,
+            $key,
+            Encryption::ID);
+    }
+
+    /**
+     * add system keys such as the public share key and the recovery key
+     *
+     * @param array $accessList
+     * @param array $publicKeys
+     * @param string $uid
+     * @return array
+     * @throws PublicKeyMissingException
+     */
+    public function addSystemKeys(array $accessList, array $publicKeys, $uid) {
+        if (!empty($accessList['public'])) {
+            $publicShareKey = $this->getPublicShareKey();
+            if (empty($publicShareKey)) {
+                throw new PublicKeyMissingException($this->getPublicShareKeyId());
+            }
+            $publicKeys[$this->getPublicShareKeyId()] = $publicShareKey;
+        }
+
+        if ($this->recoveryKeyExists() &&
+            $this->util->isRecoveryEnabledForUser($uid)) {
+
+            $publicKeys[$this->getRecoveryKeyId()] = $this->getRecoveryKey();
+        }
+
+        return $publicKeys;
+    }
+
+    /**
+     * get master key password
+     *
+     * @return string
+     * @throws \Exception
+     */
+    public function getMasterKeyPassword() {
+        $password = $this->config->getSystemValue('secret');
+        if (empty($password)){
+            throw new \Exception('Can not get secret from Nextcloud instance');
+        }
+
+        return $password;
+    }
+
+    /**
+     * return master key id
+     *
+     * @return string
+     */
+    public function getMasterKeyId() {
+        return $this->masterKeyId;
+    }
+
+    /**
+     * get public master key
+     *
+     * @return string
+     */
+    public function getPublicMasterKey() {
+        return $this->keyStorage->getSystemUserKey($this->masterKeyId . '.publicKey', Encryption::ID);
+    }
 }

Please login to merge, or discard this patch.

Spacing +25 added lines, -25 removed lines patch added patch discarded remove patch

@@ -126,7 +126,7 @@  discard block
 block discarded – undo
 		$this->recoveryKeyId = $this->config->getAppValue('encryption',
 			'recoveryKeyId');
 		if (empty($this->recoveryKeyId)) {
-			$this->recoveryKeyId = 'recoveryKey_' . substr(md5(time()), 0, 8);
+			$this->recoveryKeyId = 'recoveryKey_'.substr(md5(time()), 0, 8);
 			$this->config->setAppValue('encryption',
 				'recoveryKeyId',
 				$this->recoveryKeyId);
@@ -135,14 +135,14 @@  discard block
 block discarded – undo
 		$this->publicShareKeyId = $this->config->getAppValue('encryption',
 			'publicShareKeyId');
 		if (empty($this->publicShareKeyId)) {
-			$this->publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8);
+			$this->publicShareKeyId = 'pubShare_'.substr(md5(time()), 0, 8);
 			$this->config->setAppValue('encryption', 'publicShareKeyId', $this->publicShareKeyId);
 		}
 
 		$this->masterKeyId = $this->config->getAppValue('encryption',
 			'masterKeyId');
 		if (empty($this->masterKeyId)) {
-			$this->masterKeyId = 'master_' . substr(md5(time()), 0, 8);
+			$this->masterKeyId = 'master_'.substr(md5(time()), 0, 8);
 			$this->config->setAppValue('encryption', 'masterKeyId', $this->masterKeyId);
 		}
 
@@ -160,13 +160,13 @@  discard block
 block discarded – undo
 
 			// Save public key
 			$this->keyStorage->setSystemUserKey(
-				$this->publicShareKeyId . '.publicKey', $keyPair['publicKey'],
+				$this->publicShareKeyId.'.publicKey', $keyPair['publicKey'],
 				Encryption::ID);
 
 			// Encrypt private key empty passphrase
 			$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], '');
 			$header = $this->crypt->generateHeader();
-			$this->setSystemPrivateKey($this->publicShareKeyId, $header . $encryptedKey);
+			$this->setSystemPrivateKey($this->publicShareKeyId, $header.$encryptedKey);
 		}
 	}
 
@@ -185,13 +185,13 @@  discard block
 block discarded – undo
 
 			// Save public key
 			$this->keyStorage->setSystemUserKey(
-				$this->masterKeyId . '.publicKey', $keyPair['publicKey'],
+				$this->masterKeyId.'.publicKey', $keyPair['publicKey'],
 				Encryption::ID);
 
 			// Encrypt private key with system password
 			$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $this->getMasterKeyPassword(), $this->masterKeyId);
 			$header = $this->crypt->generateHeader();
-			$this->setSystemPrivateKey($this->masterKeyId, $header . $encryptedKey);
+			$this->setSystemPrivateKey($this->masterKeyId, $header.$encryptedKey);
 		}
 
 		if (!$this->session->isPrivateKeySet()) {
@@ -218,7 +218,7 @@  discard block
 block discarded – undo
 	 * @return string
 	 */
 	public function getRecoveryKey() {
-		return $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.publicKey', Encryption::ID);
+		return $this->keyStorage->getSystemUserKey($this->recoveryKeyId.'.publicKey', Encryption::ID);
 	}
 
 	/**
@@ -235,7 +235,7 @@  discard block
 block discarded – undo
 	 * @return bool
 	 */
 	public function checkRecoveryPassword($password) {
-		$recoveryKey = $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.privateKey', Encryption::ID);
+		$recoveryKey = $this->keyStorage->getSystemUserKey($this->recoveryKeyId.'.privateKey', Encryption::ID);
 		$decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey, $password);
 
 		if ($decryptedRecoveryKey) {
@@ -259,7 +259,7 @@  discard block
 block discarded – undo
 		$header = $this->crypt->generateHeader();
 
 		if ($encryptedKey) {
-			$this->setPrivateKey($uid, $header . $encryptedKey);
+			$this->setPrivateKey($uid, $header.$encryptedKey);
 			return true;
 		}
 		return false;
@@ -281,7 +281,7 @@  discard block
 block discarded – undo
 		$header = $this->crypt->generateHeader();
 
 		if ($encryptedKey) {
-			$this->setSystemPrivateKey($this->getRecoveryKeyId(), $header . $encryptedKey);
+			$this->setSystemPrivateKey($this->getRecoveryKeyId(), $header.$encryptedKey);
 			return true;
 		}
 		return false;
@@ -341,7 +341,7 @@  discard block
 block discarded – undo
 	 * @return boolean
 	 */
 	public function setShareKey($path, $uid, $key) {
-		$keyId = $uid . '.' . $this->shareKeyId;
+		$keyId = $uid.'.'.$this->shareKeyId;
 		return $this->keyStorage->setFileKey($path, $keyId, $key, Encryption::ID);
 	}
 
@@ -357,7 +357,7 @@  discard block
 block discarded – undo
 		$this->session->setStatus(Session::INIT_EXECUTED);
 
 		try {
-			if($this->util->isMasterKeyEnabled()) {
+			if ($this->util->isMasterKeyEnabled()) {
 				$uid = $this->getMasterKeyId();
 				$passPhrase = $this->getMasterKeyPassword();
 				$privateKey = $this->getSystemPrivateKey($uid);
@@ -371,7 +371,7 @@  discard block
 block discarded – undo
 			return false;
 		} catch (\Exception $e) {
 			$this->log->warning(
-				'Could not decrypt the private key from user "' . $uid . '"" during login. ' .
+				'Could not decrypt the private key from user "'.$uid.'"" during login. '.
 				'Assume password change on the user back-end. Error message: '
 				. $e->getMessage()
 			);
@@ -432,7 +432,7 @@  discard block
 block discarded – undo
 			// use public share key for public links
 			$uid = $this->getPublicShareKeyId();
 			$shareKey = $this->getShareKey($path, $uid);
-			$privateKey = $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.privateKey', Encryption::ID);
+			$privateKey = $this->keyStorage->getSystemUserKey($this->publicShareKeyId.'.privateKey', Encryption::ID);
 			$privateKey = $this->crypt->decryptPrivateKey($privateKey);
 		} else {
 			$shareKey = $this->getShareKey($path, $uid);
@@ -457,7 +457,7 @@  discard block
 block discarded – undo
 	 */
 	public function getVersion($path, View $view) {
 		$fileInfo = $view->getFileInfo($path);
-		if($fileInfo === false) {
+		if ($fileInfo === false) {
 			return 0;
 		}
 		return $fileInfo->getEncryptedVersion();
@@ -471,9 +471,9 @@  discard block
 block discarded – undo
 	 * @param View $view
 	 */
 	public function setVersion($path, $version, View $view) {
-		$fileInfo= $view->getFileInfo($path);
+		$fileInfo = $view->getFileInfo($path);
 
-		if($fileInfo !== false) {
+		if ($fileInfo !== false) {
 			$cache = $fileInfo->getStorage()->getCache();
 			$cache->update($fileInfo->getId(), ['encrypted' => $version, 'encryptedVersion' => $version]);
 		}
@@ -502,7 +502,7 @@  discard block
 block discarded – undo
 	public function deleteShareKey($path, $keyId) {
 		return $this->keyStorage->deleteFileKey(
 			$path,
-			$keyId . '.' . $this->shareKeyId,
+			$keyId.'.'.$this->shareKeyId,
 			Encryption::ID);
 	}
 
@@ -513,7 +513,7 @@  discard block
 block discarded – undo
 	 * @return mixed
 	 */
 	public function getShareKey($path, $uid) {
-		$keyId = $uid . '.' . $this->shareKeyId;
+		$keyId = $uid.'.'.$this->shareKeyId;
 		return $this->keyStorage->getFileKey($path, $keyId, Encryption::ID);
 	}
 
@@ -575,7 +575,7 @@  discard block
 block discarded – undo
 	 * @return string
 	 */
 	public function getPublicShareKey() {
-		return $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.publicKey', Encryption::ID);
+		return $this->keyStorage->getSystemUserKey($this->publicShareKeyId.'.publicKey', Encryption::ID);
 	}
 
 	/**
@@ -645,7 +645,7 @@  discard block
 block discarded – undo
 	 * @return string returns openssl key
 	 */
 	public function getSystemPrivateKey($keyId) {
-		return $this->keyStorage->getSystemUserKey($keyId . '.' . $this->privateKeyId, Encryption::ID);
+		return $this->keyStorage->getSystemUserKey($keyId.'.'.$this->privateKeyId, Encryption::ID);
 	}
 
 	/**
@@ -655,7 +655,7 @@  discard block
 block discarded – undo
 	 */
 	public function setSystemPrivateKey($keyId, $key) {
 		return $this->keyStorage->setSystemUserKey(
-			$keyId . '.' . $this->privateKeyId,
+			$keyId.'.'.$this->privateKeyId,
 			$key,
 			Encryption::ID);
 	}
@@ -695,7 +695,7 @@  discard block
 block discarded – undo
 	 */
 	public function getMasterKeyPassword() {
 		$password = $this->config->getSystemValue('secret');
-		if (empty($password)){
+		if (empty($password)) {
 			throw new \Exception('Can not get secret from Nextcloud instance');
 		}
 
@@ -717,6 +717,6 @@  discard block
 block discarded – undo
 	 * @return string
 	 */
 	public function getPublicMasterKey() {
-		return $this->keyStorage->getSystemUserKey($this->masterKeyId . '.publicKey', Encryption::ID);
+		return $this->keyStorage->getSystemUserKey($this->masterKeyId.'.publicKey', Encryption::ID);
 	}
 }

Please login to merge, or discard this patch.

settings/Controller/UsersController.php 1 patch

Indentation +974 added lines, -974 removed lines patch added patch discarded remove patch

@@ -62,979 +62,979 @@
 block discarded – undo
  * @package OC\Settings\Controller
  */
 class UsersController extends Controller {
-	/** @var IL10N */
-	private $l10n;
-	/** @var IUserSession */
-	private $userSession;
-	/** @var bool */
-	private $isAdmin;
-	/** @var IUserManager */
-	private $userManager;
-	/** @var IGroupManager */
-	private $groupManager;
-	/** @var IConfig */
-	private $config;
-	/** @var ILogger */
-	private $log;
-	/** @var IMailer */
-	private $mailer;
-	/** @var bool contains the state of the encryption app */
-	private $isEncryptionAppEnabled;
-	/** @var bool contains the state of the admin recovery setting */
-	private $isRestoreEnabled = false;
-	/** @var IAppManager */
-	private $appManager;
-	/** @var IAvatarManager */
-	private $avatarManager;
-	/** @var AccountManager */
-	private $accountManager;
-	/** @var ISecureRandom */
-	private $secureRandom;
-	/** @var NewUserMailHelper */
-	private $newUserMailHelper;
-	/** @var ITimeFactory */
-	private $timeFactory;
-	/** @var ICrypto */
-	private $crypto;
-	/** @var Manager */
-	private $keyManager;
-	/** @var IJobList */
-	private $jobList;
-
-	/** @var IUserMountCache */
-	private $userMountCache;
-
-	/** @var IManager */
-	private $encryptionManager;
-
-
-	/**
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param IUserManager $userManager
-	 * @param IGroupManager $groupManager
-	 * @param IUserSession $userSession
-	 * @param IConfig $config
-	 * @param bool $isAdmin
-	 * @param IL10N $l10n
-	 * @param ILogger $log
-	 * @param IMailer $mailer
-	 * @param IURLGenerator $urlGenerator
-	 * @param IAppManager $appManager
-	 * @param IAvatarManager $avatarManager
-	 * @param AccountManager $accountManager
-	 * @param ISecureRandom $secureRandom
-	 * @param NewUserMailHelper $newUserMailHelper
-	 * @param ITimeFactory $timeFactory
-	 * @param ICrypto $crypto
-	 * @param Manager $keyManager
-	 * @param IJobList $jobList
-	 * @param IUserMountCache $userMountCache
-	 * @param IManager $encryptionManager
-	 */
-	public function __construct($appName,
-								IRequest $request,
-								IUserManager $userManager,
-								IGroupManager $groupManager,
-								IUserSession $userSession,
-								IConfig $config,
-								$isAdmin,
-								IL10N $l10n,
-								ILogger $log,
-								IMailer $mailer,
-								IURLGenerator $urlGenerator,
-								IAppManager $appManager,
-								IAvatarManager $avatarManager,
-								AccountManager $accountManager,
-								ISecureRandom $secureRandom,
-								NewUserMailHelper $newUserMailHelper,
-								ITimeFactory $timeFactory,
-								ICrypto $crypto,
-								Manager $keyManager,
-								IJobList $jobList,
-								IUserMountCache $userMountCache,
-								IManager $encryptionManager) {
-		parent::__construct($appName, $request);
-		$this->userManager = $userManager;
-		$this->groupManager = $groupManager;
-		$this->userSession = $userSession;
-		$this->config = $config;
-		$this->isAdmin = $isAdmin;
-		$this->l10n = $l10n;
-		$this->log = $log;
-		$this->mailer = $mailer;
-		$this->appManager = $appManager;
-		$this->avatarManager = $avatarManager;
-		$this->accountManager = $accountManager;
-		$this->secureRandom = $secureRandom;
-		$this->newUserMailHelper = $newUserMailHelper;
-		$this->timeFactory = $timeFactory;
-		$this->crypto = $crypto;
-		$this->keyManager = $keyManager;
-		$this->jobList = $jobList;
-		$this->userMountCache = $userMountCache;
-		$this->encryptionManager = $encryptionManager;
-
-		// check for encryption state - TODO see formatUserForIndex
-		$this->isEncryptionAppEnabled = $appManager->isEnabledForUser('encryption');
-		if ($this->isEncryptionAppEnabled) {
-			// putting this directly in empty is possible in PHP 5.5+
-			$result = $config->getAppValue('encryption', 'recoveryAdminEnabled', 0);
-			$this->isRestoreEnabled = !empty($result);
-		}
-	}
-
-	/**
-	 * @param IUser $user
-	 * @param array $userGroups
-	 * @return array
-	 */
-	private function formatUserForIndex(IUser $user, array $userGroups = null) {
-
-		// TODO: eliminate this encryption specific code below and somehow
-		// hook in additional user info from other apps
-
-		// recovery isn't possible if admin or user has it disabled and encryption
-		// is enabled - so we eliminate the else paths in the conditional tree
-		// below
-		$restorePossible = false;
-
-		if ($this->isEncryptionAppEnabled) {
-			if ($this->isRestoreEnabled) {
-				// check for the users recovery setting
-				$recoveryMode = $this->config->getUserValue($user->getUID(), 'encryption', 'recoveryEnabled', '0');
-				// method call inside empty is possible with PHP 5.5+
-				$recoveryModeEnabled = !empty($recoveryMode);
-				if ($recoveryModeEnabled) {
-					// user also has recovery mode enabled
-					$restorePossible = true;
-				}
-			} else {
-				$modules = $this->encryptionManager->getEncryptionModules();
-				$restorePossible = true;
-				foreach ($modules as $id => $module) {
-					/* @var IEncryptionModule $instance */
-					$instance = call_user_func($module['callback']);
-					if ($instance->needDetailedAccessList()) {
-						$restorePossible = false;
-						break;
-					}
-				}
-			}
-		} else {
-			// recovery is possible if encryption is disabled (plain files are
-			// available)
-			$restorePossible = true;
-		}
-
-		$subAdminGroups = $this->groupManager->getSubAdmin()->getSubAdminsGroups($user);
-		foreach ($subAdminGroups as $key => $subAdminGroup) {
-			$subAdminGroups[$key] = $subAdminGroup->getGID();
-		}
-
-		$displayName = $user->getEMailAddress();
-		if (is_null($displayName)) {
-			$displayName = '';
-		}
-
-		$avatarAvailable = false;
-		try {
-			$avatarAvailable = $this->avatarManager->getAvatar($user->getUID())->exists();
-		} catch (\Exception $e) {
-			//No avatar yet
-		}
-
-		return [
-			'name' => $user->getUID(),
-			'displayname' => $user->getDisplayName(),
-			'groups' => (empty($userGroups)) ? $this->groupManager->getUserGroupIds($user) : $userGroups,
-			'subadmin' => $subAdminGroups,
-			'quota' => $user->getQuota(),
-			'quota_bytes' => Util::computerFileSize($user->getQuota()),
-			'storageLocation' => $user->getHome(),
-			'lastLogin' => $user->getLastLogin() * 1000,
-			'backend' => $user->getBackendClassName(),
-			'email' => $displayName,
-			'isRestoreDisabled' => !$restorePossible,
-			'isAvatarAvailable' => $avatarAvailable,
-			'isEnabled' => $user->isEnabled(),
-		];
-	}
-
-	/**
-	 * @param array $userIDs Array with schema [$uid => $displayName]
-	 * @return IUser[]
-	 */
-	private function getUsersForUID(array $userIDs) {
-		$users = [];
-		foreach ($userIDs as $uid => $displayName) {
-			$users[$uid] = $this->userManager->get($uid);
-		}
-		return $users;
-	}
-
-	/**
-	 * @NoAdminRequired
-	 *
-	 * @param int $offset
-	 * @param int $limit
-	 * @param string $gid GID to filter for
-	 * @param string $pattern Pattern to search for in the username
-	 * @param string $backend Backend to filter for (class-name)
-	 * @return DataResponse
-	 *
-	 * TODO: Tidy up and write unit tests - code is mainly static method calls
-	 */
-	public function index($offset = 0, $limit = 10, $gid = '', $pattern = '', $backend = '') {
-		// Remove backends
-		if (!empty($backend)) {
-			$activeBackends = $this->userManager->getBackends();
-			$this->userManager->clearBackends();
-			foreach ($activeBackends as $singleActiveBackend) {
-				if ($backend === get_class($singleActiveBackend)) {
-					$this->userManager->registerBackend($singleActiveBackend);
-					break;
-				}
-			}
-		}
-
-		$userObjects = [];
-		$users = [];
-		if ($this->isAdmin) {
-			if ($gid !== '' && $gid !== '_disabledUsers') {
-				$batch = $this->getUsersForUID($this->groupManager->displayNamesInGroup($gid, $pattern, $limit, $offset));
-			} else {
-				$batch = $this->userManager->search($pattern, $limit, $offset);
-			}
-
-			foreach ($batch as $user) {
-				if (($gid !== '_disabledUsers' && $user->isEnabled()) ||
-					($gid === '_disabledUsers' && !$user->isEnabled())
-				) {
-					$userObjects[] = $user;
-					$users[] = $this->formatUserForIndex($user);
-				}
-			}
-
-		} else {
-			$subAdminOfGroups = $this->groupManager->getSubAdmin()->getSubAdminsGroups($this->userSession->getUser());
-			// New class returns IGroup[] so convert back
-			$gids = [];
-			foreach ($subAdminOfGroups as $group) {
-				$gids[] = $group->getGID();
-			}
-			$subAdminOfGroups = $gids;
-
-			// Set the $gid parameter to an empty value if the subadmin has no rights to access a specific group
-			if ($gid !== '' && $gid !== '_disabledUsers' && !in_array($gid, $subAdminOfGroups)) {
-				$gid = '';
-			}
-
-			// Batch all groups the user is subadmin of when a group is specified
-			$batch = [];
-			if ($gid === '') {
-				foreach ($subAdminOfGroups as $group) {
-					$groupUsers = $this->groupManager->displayNamesInGroup($group, $pattern, $limit, $offset);
-
-					foreach ($groupUsers as $uid => $displayName) {
-						$batch[$uid] = $displayName;
-					}
-				}
-			} else {
-				$batch = $this->groupManager->displayNamesInGroup($gid, $pattern, $limit, $offset);
-			}
-			$batch = $this->getUsersForUID($batch);
-
-			foreach ($batch as $user) {
-				// Only add the groups, this user is a subadmin of
-				$userGroups = array_values(array_intersect(
-					$this->groupManager->getUserGroupIds($user),
-					$subAdminOfGroups
-				));
-				if (($gid !== '_disabledUsers' && $user->isEnabled()) ||
-					($gid === '_disabledUsers' && !$user->isEnabled())
-				) {
-					$userObjects[] = $user;
-					$users[] = $this->formatUserForIndex($user, $userGroups);
-				}
-			}
-		}
-
-		$usedSpace = $this->userMountCache->getUsedSpaceForUsers($userObjects);
-
-		foreach ($users as &$userData) {
-			$userData['size'] = isset($usedSpace[$userData['name']]) ? $usedSpace[$userData['name']] : 0;
-		}
-
-		return new DataResponse($users);
-	}
-
-	/**
-	 * @NoAdminRequired
-	 * @PasswordConfirmationRequired
-	 *
-	 * @param string $username
-	 * @param string $password
-	 * @param array $groups
-	 * @param string $email
-	 * @return DataResponse
-	 */
-	public function create($username, $password, array $groups = [], $email = '') {
-		if ($email !== '' && !$this->mailer->validateMailAddress($email)) {
-			return new DataResponse(
-				[
-					'message' => (string)$this->l10n->t('Invalid mail address')
-				],
-				Http::STATUS_UNPROCESSABLE_ENTITY
-			);
-		}
-
-		$currentUser = $this->userSession->getUser();
-
-		if (!$this->isAdmin) {
-			if (!empty($groups)) {
-				foreach ($groups as $key => $group) {
-					$groupObject = $this->groupManager->get($group);
-					if ($groupObject === null) {
-						unset($groups[$key]);
-						continue;
-					}
-
-					if (!$this->groupManager->getSubAdmin()->isSubAdminofGroup($currentUser, $groupObject)) {
-						unset($groups[$key]);
-					}
-				}
-			}
-
-			if (empty($groups)) {
-				return new DataResponse(
-					[
-						'message' => $this->l10n->t('No valid group selected'),
-					],
-					Http::STATUS_FORBIDDEN
-				);
-			}
-		}
-
-		if ($this->userManager->userExists($username)) {
-			return new DataResponse(
-				[
-					'message' => (string)$this->l10n->t('A user with that name already exists.')
-				],
-				Http::STATUS_CONFLICT
-			);
-		}
-
-		$generatePasswordResetToken = false;
-		if ($password === '') {
-			if ($email === '') {
-				return new DataResponse(
-					[
-						'message' => (string)$this->l10n->t('To send a password link to the user an email address is required.')
-					],
-					Http::STATUS_UNPROCESSABLE_ENTITY
-				);
-			}
-
-			$password = $this->secureRandom->generate(32);
-			$generatePasswordResetToken = true;
-		}
-
-		try {
-			$user = $this->userManager->createUser($username, $password);
-		} catch (\Exception $exception) {
-			$message = $exception->getMessage();
-			if (!$message) {
-				$message = $this->l10n->t('Unable to create user.');
-			}
-			return new DataResponse(
-				[
-					'message' => (string)$message,
-				],
-				Http::STATUS_FORBIDDEN
-			);
-		}
-
-		if ($user instanceof IUser) {
-			if ($groups !== null) {
-				foreach ($groups as $groupName) {
-					$group = $this->groupManager->get($groupName);
-
-					if (empty($group)) {
-						$group = $this->groupManager->createGroup($groupName);
-					}
-					$group->addUser($user);
-				}
-			}
-			/**
-			 * Send new user mail only if a mail is set
-			 */
-			if ($email !== '') {
-				$user->setEMailAddress($email);
-				try {
-					$emailTemplate = $this->newUserMailHelper->generateTemplate($user, $generatePasswordResetToken);
-					$this->newUserMailHelper->sendMail($user, $emailTemplate);
-				} catch (\Exception $e) {
-					$this->log->error("Can't send new user mail to $email: " . $e->getMessage(), ['app' => 'settings']);
-				}
-			}
-			// fetch users groups
-			$userGroups = $this->groupManager->getUserGroupIds($user);
-
-			return new DataResponse(
-				$this->formatUserForIndex($user, $userGroups),
-				Http::STATUS_CREATED
-			);
-		}
-
-		return new DataResponse(
-			[
-				'message' => (string)$this->l10n->t('Unable to create user.')
-			],
-			Http::STATUS_FORBIDDEN
-		);
-
-	}
-
-	/**
-	 * @NoAdminRequired
-	 * @PasswordConfirmationRequired
-	 *
-	 * @param string $id
-	 * @return DataResponse
-	 */
-	public function destroy($id) {
-		$userId = $this->userSession->getUser()->getUID();
-		$user = $this->userManager->get($id);
-
-		if ($userId === $id) {
-			return new DataResponse(
-				[
-					'status' => 'error',
-					'data' => [
-						'message' => (string)$this->l10n->t('Unable to delete user.')
-					]
-				],
-				Http::STATUS_FORBIDDEN
-			);
-		}
-
-		if (!$this->isAdmin && !$this->groupManager->getSubAdmin()->isUserAccessible($this->userSession->getUser(), $user)) {
-			return new DataResponse(
-				[
-					'status' => 'error',
-					'data' => [
-						'message' => (string)$this->l10n->t('Authentication error')
-					]
-				],
-				Http::STATUS_FORBIDDEN
-			);
-		}
-
-		if ($user) {
-			if ($user->delete()) {
-				return new DataResponse(
-					[
-						'status' => 'success',
-						'data' => [
-							'username' => $id
-						]
-					],
-					Http::STATUS_NO_CONTENT
-				);
-			}
-		}
-
-		return new DataResponse(
-			[
-				'status' => 'error',
-				'data' => [
-					'message' => (string)$this->l10n->t('Unable to delete user.')
-				]
-			],
-			Http::STATUS_FORBIDDEN
-		);
-	}
-
-	/**
-	 * @NoAdminRequired
-	 *
-	 * @param string $id
-	 * @param int $enabled
-	 * @return DataResponse
-	 */
-	public function setEnabled($id, $enabled) {
-		$enabled = (bool)$enabled;
-		if ($enabled) {
-			$errorMsgGeneral = (string)$this->l10n->t('Error while enabling user.');
-		} else {
-			$errorMsgGeneral = (string)$this->l10n->t('Error while disabling user.');
-		}
-
-		$userId = $this->userSession->getUser()->getUID();
-		$user = $this->userManager->get($id);
-
-		if ($userId === $id) {
-			return new DataResponse(
-				[
-					'status' => 'error',
-					'data' => [
-						'message' => $errorMsgGeneral
-					]
-				], Http::STATUS_FORBIDDEN
-			);
-		}
-
-		if ($user) {
-			if (!$this->isAdmin && !$this->groupManager->getSubAdmin()->isUserAccessible($this->userSession->getUser(), $user)) {
-				return new DataResponse(
-					[
-						'status' => 'error',
-						'data' => [
-							'message' => (string)$this->l10n->t('Authentication error')
-						]
-					],
-					Http::STATUS_FORBIDDEN
-				);
-			}
-
-			$user->setEnabled($enabled);
-			return new DataResponse(
-				[
-					'status' => 'success',
-					'data' => [
-						'username' => $id,
-						'enabled' => $enabled
-					]
-				]
-			);
-		} else {
-			return new DataResponse(
-				[
-					'status' => 'error',
-					'data' => [
-						'message' => $errorMsgGeneral
-					]
-				],
-				Http::STATUS_FORBIDDEN
-			);
-		}
-
-	}
-
-	/**
-	 * Set the mail address of a user
-	 *
-	 * @NoAdminRequired
-	 * @NoSubadminRequired
-	 * @PasswordConfirmationRequired
-	 *
-	 * @param string $account
-	 * @param bool $onlyVerificationCode only return verification code without updating the data
-	 * @return DataResponse
-	 */
-	public function getVerificationCode($account, $onlyVerificationCode) {
-
-		$user = $this->userSession->getUser();
-
-		if ($user === null) {
-			return new DataResponse([], Http::STATUS_BAD_REQUEST);
-		}
-
-		$accountData = $this->accountManager->getUser($user);
-		$cloudId = $user->getCloudId();
-		$message = "Use my Federated Cloud ID to share with me: " . $cloudId;
-		$signature = $this->signMessage($user, $message);
-
-		$code = $message . ' ' . $signature;
-		$codeMd5 = $message . ' ' . md5($signature);
-
-		switch ($account) {
-			case 'verify-twitter':
-				$accountData[AccountManager::PROPERTY_TWITTER]['verified'] = AccountManager::VERIFICATION_IN_PROGRESS;
-				$msg = $this->l10n->t('In order to verify your Twitter account, post the following tweet on Twitter (please make sure to post it without any line breaks):');
-				$code = $codeMd5;
-				$type = AccountManager::PROPERTY_TWITTER;
-				$data = $accountData[AccountManager::PROPERTY_TWITTER]['value'];
-				$accountData[AccountManager::PROPERTY_TWITTER]['signature'] = $signature;
-				break;
-			case 'verify-website':
-				$accountData[AccountManager::PROPERTY_WEBSITE]['verified'] = AccountManager::VERIFICATION_IN_PROGRESS;
-				$msg = $this->l10n->t('In order to verify your Website, store the following content in your web-root at \'.well-known/CloudIdVerificationCode.txt\' (please make sure that the complete text is in one line):');
-				$type = AccountManager::PROPERTY_WEBSITE;
-				$data = $accountData[AccountManager::PROPERTY_WEBSITE]['value'];
-				$accountData[AccountManager::PROPERTY_WEBSITE]['signature'] = $signature;
-				break;
-			default:
-				return new DataResponse([], Http::STATUS_BAD_REQUEST);
-		}
-
-		if ($onlyVerificationCode === false) {
-			$this->accountManager->updateUser($user, $accountData);
-
-			$this->jobList->add('OC\Settings\BackgroundJobs\VerifyUserData',
-				[
-					'verificationCode' => $code,
-					'data' => $data,
-					'type' => $type,
-					'uid' => $user->getUID(),
-					'try' => 0,
-					'lastRun' => $this->getCurrentTime()
-				]
-			);
-		}
-
-		return new DataResponse(['msg' => $msg, 'code' => $code]);
-	}
-
-	/**
-	 * get current timestamp
-	 *
-	 * @return int
-	 */
-	protected function getCurrentTime() {
-		return time();
-	}
-
-	/**
-	 * sign message with users private key
-	 *
-	 * @param IUser $user
-	 * @param string $message
-	 *
-	 * @return string base64 encoded signature
-	 */
-	protected function signMessage(IUser $user, $message) {
-		$privateKey = $this->keyManager->getKey($user)->getPrivate();
-		openssl_sign(json_encode($message), $signature, $privateKey, OPENSSL_ALGO_SHA512);
-		$signatureBase64 = base64_encode($signature);
-
-		return $signatureBase64;
-	}
-
-	/**
-	 * @NoAdminRequired
-	 * @NoSubadminRequired
-	 * @PasswordConfirmationRequired
-	 *
-	 * @param string $avatarScope
-	 * @param string $displayname
-	 * @param string $displaynameScope
-	 * @param string $phone
-	 * @param string $phoneScope
-	 * @param string $email
-	 * @param string $emailScope
-	 * @param string $website
-	 * @param string $websiteScope
-	 * @param string $address
-	 * @param string $addressScope
-	 * @param string $twitter
-	 * @param string $twitterScope
-	 * @return DataResponse
-	 */
-	public function setUserSettings($avatarScope,
-									$displayname,
-									$displaynameScope,
-									$phone,
-									$phoneScope,
-									$email,
-									$emailScope,
-									$website,
-									$websiteScope,
-									$address,
-									$addressScope,
-									$twitter,
-									$twitterScope
-	) {
-
-		if (!empty($email) && !$this->mailer->validateMailAddress($email)) {
-			return new DataResponse(
-				[
-					'status' => 'error',
-					'data' => [
-						'message' => (string)$this->l10n->t('Invalid mail address')
-					]
-				],
-				Http::STATUS_UNPROCESSABLE_ENTITY
-			);
-		}
-
-		$user = $this->userSession->getUser();
-
-		$data = $this->accountManager->getUser($user);
-
-		$data[AccountManager::PROPERTY_AVATAR] = ['scope' => $avatarScope];
-		if ($this->config->getSystemValue('allow_user_to_change_display_name', true) !== false) {
-			$data[AccountManager::PROPERTY_DISPLAYNAME] = ['value' => $displayname, 'scope' => $displaynameScope];
-			$data[AccountManager::PROPERTY_EMAIL] = ['value' => $email, 'scope' => $emailScope];
-		}
-
-		if ($this->appManager->isEnabledForUser('federatedfilesharing')) {
-			$federatedFileSharing = new \OCA\FederatedFileSharing\AppInfo\Application();
-			$shareProvider = $federatedFileSharing->getFederatedShareProvider();
-			if ($shareProvider->isLookupServerUploadEnabled()) {
-				$data[AccountManager::PROPERTY_WEBSITE] = ['value' => $website, 'scope' => $websiteScope];
-				$data[AccountManager::PROPERTY_ADDRESS] = ['value' => $address, 'scope' => $addressScope];
-				$data[AccountManager::PROPERTY_PHONE] = ['value' => $phone, 'scope' => $phoneScope];
-				$data[AccountManager::PROPERTY_TWITTER] = ['value' => $twitter, 'scope' => $twitterScope];
-			}
-		}
-
-		try {
-			$this->saveUserSettings($user, $data);
-			return new DataResponse(
-				[
-					'status' => 'success',
-					'data' => [
-						'userId' => $user->getUID(),
-						'avatarScope' => $data[AccountManager::PROPERTY_AVATAR]['scope'],
-						'displayname' => $data[AccountManager::PROPERTY_DISPLAYNAME]['value'],
-						'displaynameScope' => $data[AccountManager::PROPERTY_DISPLAYNAME]['scope'],
-						'email' => $data[AccountManager::PROPERTY_EMAIL]['value'],
-						'emailScope' => $data[AccountManager::PROPERTY_EMAIL]['scope'],
-						'website' => $data[AccountManager::PROPERTY_WEBSITE]['value'],
-						'websiteScope' => $data[AccountManager::PROPERTY_WEBSITE]['scope'],
-						'address' => $data[AccountManager::PROPERTY_ADDRESS]['value'],
-						'addressScope' => $data[AccountManager::PROPERTY_ADDRESS]['scope'],
-						'message' => (string)$this->l10n->t('Settings saved')
-					]
-				],
-				Http::STATUS_OK
-			);
-		} catch (ForbiddenException $e) {
-			return new DataResponse([
-				'status' => 'error',
-				'data' => [
-					'message' => $e->getMessage()
-				],
-			]);
-		}
-
-	}
-
-
-	/**
-	 * update account manager with new user data
-	 *
-	 * @param IUser $user
-	 * @param array $data
-	 * @throws ForbiddenException
-	 */
-	protected function saveUserSettings(IUser $user, $data) {
-
-		// keep the user back-end up-to-date with the latest display name and email
-		// address
-		$oldDisplayName = $user->getDisplayName();
-		$oldDisplayName = is_null($oldDisplayName) ? '' : $oldDisplayName;
-		if (isset($data[AccountManager::PROPERTY_DISPLAYNAME]['value'])
-			&& $oldDisplayName !== $data[AccountManager::PROPERTY_DISPLAYNAME]['value']
-		) {
-			$result = $user->setDisplayName($data[AccountManager::PROPERTY_DISPLAYNAME]['value']);
-			if ($result === false) {
-				throw new ForbiddenException($this->l10n->t('Unable to change full name'));
-			}
-		}
-
-		$oldEmailAddress = $user->getEMailAddress();
-		$oldEmailAddress = is_null($oldEmailAddress) ? '' : $oldEmailAddress;
-		if (isset($data[AccountManager::PROPERTY_EMAIL]['value'])
-			&& $oldEmailAddress !== $data[AccountManager::PROPERTY_EMAIL]['value']
-		) {
-			// this is the only permission a backend provides and is also used
-			// for the permission of setting a email address
-			if (!$user->canChangeDisplayName()) {
-				throw new ForbiddenException($this->l10n->t('Unable to change email address'));
-			}
-			$user->setEMailAddress($data[AccountManager::PROPERTY_EMAIL]['value']);
-		}
-
-		$this->accountManager->updateUser($user, $data);
-	}
-
-	/**
-	 * Count all unique users visible for the current admin/subadmin.
-	 *
-	 * @NoAdminRequired
-	 *
-	 * @return DataResponse
-	 */
-	public function stats() {
-		$userCount = 0;
-		if ($this->isAdmin) {
-			$countByBackend = $this->userManager->countUsers();
-
-			if (!empty($countByBackend)) {
-				foreach ($countByBackend as $count) {
-					$userCount += $count;
-				}
-			}
-		} else {
-			$groups = $this->groupManager->getSubAdmin()->getSubAdminsGroups($this->userSession->getUser());
-
-			$uniqueUsers = [];
-			foreach ($groups as $group) {
-				foreach ($group->getUsers() as $uid => $displayName) {
-					$uniqueUsers[$uid] = true;
-				}
-			}
-
-			$userCount = count($uniqueUsers);
-		}
-
-		return new DataResponse(
-			[
-				'totalUsers' => $userCount
-			]
-		);
-	}
-
-
-	/**
-	 * Set the displayName of a user
-	 *
-	 * @NoAdminRequired
-	 * @NoSubadminRequired
-	 * @PasswordConfirmationRequired
-	 * @todo merge into saveUserSettings
-	 *
-	 * @param string $username
-	 * @param string $displayName
-	 * @return DataResponse
-	 */
-	public function setDisplayName($username, $displayName) {
-		$currentUser = $this->userSession->getUser();
-		$user = $this->userManager->get($username);
-
-		if ($user === null ||
-			!$user->canChangeDisplayName() ||
-			(
-				!$this->groupManager->isAdmin($currentUser->getUID()) &&
-				!$this->groupManager->getSubAdmin()->isUserAccessible($currentUser, $user) &&
-				$currentUser->getUID() !== $username
-
-			)
-		) {
-			return new DataResponse([
-				'status' => 'error',
-				'data' => [
-					'message' => $this->l10n->t('Authentication error'),
-				],
-			]);
-		}
-
-		$userData = $this->accountManager->getUser($user);
-		$userData[AccountManager::PROPERTY_DISPLAYNAME]['value'] = $displayName;
-
-
-		try {
-			$this->saveUserSettings($user, $userData);
-			return new DataResponse([
-				'status' => 'success',
-				'data' => [
-					'message' => $this->l10n->t('Your full name has been changed.'),
-					'username' => $username,
-					'displayName' => $displayName,
-				],
-			]);
-		} catch (ForbiddenException $e) {
-			return new DataResponse([
-				'status' => 'error',
-				'data' => [
-					'message' => $e->getMessage(),
-					'displayName' => $user->getDisplayName(),
-				],
-			]);
-		}
-	}
-
-	/**
-	 * Set the mail address of a user
-	 *
-	 * @NoAdminRequired
-	 * @NoSubadminRequired
-	 * @PasswordConfirmationRequired
-	 *
-	 * @param string $id
-	 * @param string $mailAddress
-	 * @return DataResponse
-	 */
-	public function setEMailAddress($id, $mailAddress) {
-		$user = $this->userManager->get($id);
-		if (!$this->isAdmin
-			&& !$this->groupManager->getSubAdmin()->isUserAccessible($this->userSession->getUser(), $user)
-		) {
-			return new DataResponse(
-				[
-					'status' => 'error',
-					'data' => [
-						'message' => (string)$this->l10n->t('Forbidden')
-					]
-				],
-				Http::STATUS_FORBIDDEN
-			);
-		}
-
-		if ($mailAddress !== '' && !$this->mailer->validateMailAddress($mailAddress)) {
-			return new DataResponse(
-				[
-					'status' => 'error',
-					'data' => [
-						'message' => (string)$this->l10n->t('Invalid mail address')
-					]
-				],
-				Http::STATUS_UNPROCESSABLE_ENTITY
-			);
-		}
-
-		if (!$user) {
-			return new DataResponse(
-				[
-					'status' => 'error',
-					'data' => [
-						'message' => (string)$this->l10n->t('Invalid user')
-					]
-				],
-				Http::STATUS_UNPROCESSABLE_ENTITY
-			);
-		}
-		// this is the only permission a backend provides and is also used
-		// for the permission of setting a email address
-		if (!$user->canChangeDisplayName()) {
-			return new DataResponse(
-				[
-					'status' => 'error',
-					'data' => [
-						'message' => (string)$this->l10n->t('Unable to change mail address')
-					]
-				],
-				Http::STATUS_FORBIDDEN
-			);
-		}
-
-		$userData = $this->accountManager->getUser($user);
-		$userData[AccountManager::PROPERTY_EMAIL]['value'] = $mailAddress;
-
-		try {
-			$this->saveUserSettings($user, $userData);
-			return new DataResponse(
-				[
-					'status' => 'success',
-					'data' => [
-						'username' => $id,
-						'mailAddress' => $mailAddress,
-						'message' => (string)$this->l10n->t('Email saved')
-					]
-				],
-				Http::STATUS_OK
-			);
-		} catch (ForbiddenException $e) {
-			return new DataResponse([
-				'status' => 'error',
-				'data' => [
-					'message' => $e->getMessage()
-				],
-			]);
-		}
-	}
+    /** @var IL10N */
+    private $l10n;
+    /** @var IUserSession */
+    private $userSession;
+    /** @var bool */
+    private $isAdmin;
+    /** @var IUserManager */
+    private $userManager;
+    /** @var IGroupManager */
+    private $groupManager;
+    /** @var IConfig */
+    private $config;
+    /** @var ILogger */
+    private $log;
+    /** @var IMailer */
+    private $mailer;
+    /** @var bool contains the state of the encryption app */
+    private $isEncryptionAppEnabled;
+    /** @var bool contains the state of the admin recovery setting */
+    private $isRestoreEnabled = false;
+    /** @var IAppManager */
+    private $appManager;
+    /** @var IAvatarManager */
+    private $avatarManager;
+    /** @var AccountManager */
+    private $accountManager;
+    /** @var ISecureRandom */
+    private $secureRandom;
+    /** @var NewUserMailHelper */
+    private $newUserMailHelper;
+    /** @var ITimeFactory */
+    private $timeFactory;
+    /** @var ICrypto */
+    private $crypto;
+    /** @var Manager */
+    private $keyManager;
+    /** @var IJobList */
+    private $jobList;
+
+    /** @var IUserMountCache */
+    private $userMountCache;
+
+    /** @var IManager */
+    private $encryptionManager;
+
+
+    /**
+     * @param string $appName
+     * @param IRequest $request
+     * @param IUserManager $userManager
+     * @param IGroupManager $groupManager
+     * @param IUserSession $userSession
+     * @param IConfig $config
+     * @param bool $isAdmin
+     * @param IL10N $l10n
+     * @param ILogger $log
+     * @param IMailer $mailer
+     * @param IURLGenerator $urlGenerator
+     * @param IAppManager $appManager
+     * @param IAvatarManager $avatarManager
+     * @param AccountManager $accountManager
+     * @param ISecureRandom $secureRandom
+     * @param NewUserMailHelper $newUserMailHelper
+     * @param ITimeFactory $timeFactory
+     * @param ICrypto $crypto
+     * @param Manager $keyManager
+     * @param IJobList $jobList
+     * @param IUserMountCache $userMountCache
+     * @param IManager $encryptionManager
+     */
+    public function __construct($appName,
+                                IRequest $request,
+                                IUserManager $userManager,
+                                IGroupManager $groupManager,
+                                IUserSession $userSession,
+                                IConfig $config,
+                                $isAdmin,
+                                IL10N $l10n,
+                                ILogger $log,
+                                IMailer $mailer,
+                                IURLGenerator $urlGenerator,
+                                IAppManager $appManager,
+                                IAvatarManager $avatarManager,
+                                AccountManager $accountManager,
+                                ISecureRandom $secureRandom,
+                                NewUserMailHelper $newUserMailHelper,
+                                ITimeFactory $timeFactory,
+                                ICrypto $crypto,
+                                Manager $keyManager,
+                                IJobList $jobList,
+                                IUserMountCache $userMountCache,
+                                IManager $encryptionManager) {
+        parent::__construct($appName, $request);
+        $this->userManager = $userManager;
+        $this->groupManager = $groupManager;
+        $this->userSession = $userSession;
+        $this->config = $config;
+        $this->isAdmin = $isAdmin;
+        $this->l10n = $l10n;
+        $this->log = $log;
+        $this->mailer = $mailer;
+        $this->appManager = $appManager;
+        $this->avatarManager = $avatarManager;
+        $this->accountManager = $accountManager;
+        $this->secureRandom = $secureRandom;
+        $this->newUserMailHelper = $newUserMailHelper;
+        $this->timeFactory = $timeFactory;
+        $this->crypto = $crypto;
+        $this->keyManager = $keyManager;
+        $this->jobList = $jobList;
+        $this->userMountCache = $userMountCache;
+        $this->encryptionManager = $encryptionManager;
+
+        // check for encryption state - TODO see formatUserForIndex
+        $this->isEncryptionAppEnabled = $appManager->isEnabledForUser('encryption');
+        if ($this->isEncryptionAppEnabled) {
+            // putting this directly in empty is possible in PHP 5.5+
+            $result = $config->getAppValue('encryption', 'recoveryAdminEnabled', 0);
+            $this->isRestoreEnabled = !empty($result);
+        }
+    }
+
+    /**
+     * @param IUser $user
+     * @param array $userGroups
+     * @return array
+     */
+    private function formatUserForIndex(IUser $user, array $userGroups = null) {
+
+        // TODO: eliminate this encryption specific code below and somehow
+        // hook in additional user info from other apps
+
+        // recovery isn't possible if admin or user has it disabled and encryption
+        // is enabled - so we eliminate the else paths in the conditional tree
+        // below
+        $restorePossible = false;
+
+        if ($this->isEncryptionAppEnabled) {
+            if ($this->isRestoreEnabled) {
+                // check for the users recovery setting
+                $recoveryMode = $this->config->getUserValue($user->getUID(), 'encryption', 'recoveryEnabled', '0');
+                // method call inside empty is possible with PHP 5.5+
+                $recoveryModeEnabled = !empty($recoveryMode);
+                if ($recoveryModeEnabled) {
+                    // user also has recovery mode enabled
+                    $restorePossible = true;
+                }
+            } else {
+                $modules = $this->encryptionManager->getEncryptionModules();
+                $restorePossible = true;
+                foreach ($modules as $id => $module) {
+                    /* @var IEncryptionModule $instance */
+                    $instance = call_user_func($module['callback']);
+                    if ($instance->needDetailedAccessList()) {
+                        $restorePossible = false;
+                        break;
+                    }
+                }
+            }
+        } else {
+            // recovery is possible if encryption is disabled (plain files are
+            // available)
+            $restorePossible = true;
+        }
+
+        $subAdminGroups = $this->groupManager->getSubAdmin()->getSubAdminsGroups($user);
+        foreach ($subAdminGroups as $key => $subAdminGroup) {
+            $subAdminGroups[$key] = $subAdminGroup->getGID();
+        }
+
+        $displayName = $user->getEMailAddress();
+        if (is_null($displayName)) {
+            $displayName = '';
+        }
+
+        $avatarAvailable = false;
+        try {
+            $avatarAvailable = $this->avatarManager->getAvatar($user->getUID())->exists();
+        } catch (\Exception $e) {
+            //No avatar yet
+        }
+
+        return [
+            'name' => $user->getUID(),
+            'displayname' => $user->getDisplayName(),
+            'groups' => (empty($userGroups)) ? $this->groupManager->getUserGroupIds($user) : $userGroups,
+            'subadmin' => $subAdminGroups,
+            'quota' => $user->getQuota(),
+            'quota_bytes' => Util::computerFileSize($user->getQuota()),
+            'storageLocation' => $user->getHome(),
+            'lastLogin' => $user->getLastLogin() * 1000,
+            'backend' => $user->getBackendClassName(),
+            'email' => $displayName,
+            'isRestoreDisabled' => !$restorePossible,
+            'isAvatarAvailable' => $avatarAvailable,
+            'isEnabled' => $user->isEnabled(),
+        ];
+    }
+
+    /**
+     * @param array $userIDs Array with schema [$uid => $displayName]
+     * @return IUser[]
+     */
+    private function getUsersForUID(array $userIDs) {
+        $users = [];
+        foreach ($userIDs as $uid => $displayName) {
+            $users[$uid] = $this->userManager->get($uid);
+        }
+        return $users;
+    }
+
+    /**
+     * @NoAdminRequired
+     *
+     * @param int $offset
+     * @param int $limit
+     * @param string $gid GID to filter for
+     * @param string $pattern Pattern to search for in the username
+     * @param string $backend Backend to filter for (class-name)
+     * @return DataResponse
+     *
+     * TODO: Tidy up and write unit tests - code is mainly static method calls
+     */
+    public function index($offset = 0, $limit = 10, $gid = '', $pattern = '', $backend = '') {
+        // Remove backends
+        if (!empty($backend)) {
+            $activeBackends = $this->userManager->getBackends();
+            $this->userManager->clearBackends();
+            foreach ($activeBackends as $singleActiveBackend) {
+                if ($backend === get_class($singleActiveBackend)) {
+                    $this->userManager->registerBackend($singleActiveBackend);
+                    break;
+                }
+            }
+        }
+
+        $userObjects = [];
+        $users = [];
+        if ($this->isAdmin) {
+            if ($gid !== '' && $gid !== '_disabledUsers') {
+                $batch = $this->getUsersForUID($this->groupManager->displayNamesInGroup($gid, $pattern, $limit, $offset));
+            } else {
+                $batch = $this->userManager->search($pattern, $limit, $offset);
+            }
+
+            foreach ($batch as $user) {
+                if (($gid !== '_disabledUsers' && $user->isEnabled()) ||
+                    ($gid === '_disabledUsers' && !$user->isEnabled())
+                ) {
+                    $userObjects[] = $user;
+                    $users[] = $this->formatUserForIndex($user);
+                }
+            }
+
+        } else {
+            $subAdminOfGroups = $this->groupManager->getSubAdmin()->getSubAdminsGroups($this->userSession->getUser());
+            // New class returns IGroup[] so convert back
+            $gids = [];
+            foreach ($subAdminOfGroups as $group) {
+                $gids[] = $group->getGID();
+            }
+            $subAdminOfGroups = $gids;
+
+            // Set the $gid parameter to an empty value if the subadmin has no rights to access a specific group
+            if ($gid !== '' && $gid !== '_disabledUsers' && !in_array($gid, $subAdminOfGroups)) {
+                $gid = '';
+            }
+
+            // Batch all groups the user is subadmin of when a group is specified
+            $batch = [];
+            if ($gid === '') {
+                foreach ($subAdminOfGroups as $group) {
+                    $groupUsers = $this->groupManager->displayNamesInGroup($group, $pattern, $limit, $offset);
+
+                    foreach ($groupUsers as $uid => $displayName) {
+                        $batch[$uid] = $displayName;
+                    }
+                }
+            } else {
+                $batch = $this->groupManager->displayNamesInGroup($gid, $pattern, $limit, $offset);
+            }
+            $batch = $this->getUsersForUID($batch);
+
+            foreach ($batch as $user) {
+                // Only add the groups, this user is a subadmin of
+                $userGroups = array_values(array_intersect(
+                    $this->groupManager->getUserGroupIds($user),
+                    $subAdminOfGroups
+                ));
+                if (($gid !== '_disabledUsers' && $user->isEnabled()) ||
+                    ($gid === '_disabledUsers' && !$user->isEnabled())
+                ) {
+                    $userObjects[] = $user;
+                    $users[] = $this->formatUserForIndex($user, $userGroups);
+                }
+            }
+        }
+
+        $usedSpace = $this->userMountCache->getUsedSpaceForUsers($userObjects);
+
+        foreach ($users as &$userData) {
+            $userData['size'] = isset($usedSpace[$userData['name']]) ? $usedSpace[$userData['name']] : 0;
+        }
+
+        return new DataResponse($users);
+    }
+
+    /**
+     * @NoAdminRequired
+     * @PasswordConfirmationRequired
+     *
+     * @param string $username
+     * @param string $password
+     * @param array $groups
+     * @param string $email
+     * @return DataResponse
+     */
+    public function create($username, $password, array $groups = [], $email = '') {
+        if ($email !== '' && !$this->mailer->validateMailAddress($email)) {
+            return new DataResponse(
+                [
+                    'message' => (string)$this->l10n->t('Invalid mail address')
+                ],
+                Http::STATUS_UNPROCESSABLE_ENTITY
+            );
+        }
+
+        $currentUser = $this->userSession->getUser();
+
+        if (!$this->isAdmin) {
+            if (!empty($groups)) {
+                foreach ($groups as $key => $group) {
+                    $groupObject = $this->groupManager->get($group);
+                    if ($groupObject === null) {
+                        unset($groups[$key]);
+                        continue;
+                    }
+
+                    if (!$this->groupManager->getSubAdmin()->isSubAdminofGroup($currentUser, $groupObject)) {
+                        unset($groups[$key]);
+                    }
+                }
+            }
+
+            if (empty($groups)) {
+                return new DataResponse(
+                    [
+                        'message' => $this->l10n->t('No valid group selected'),
+                    ],
+                    Http::STATUS_FORBIDDEN
+                );
+            }
+        }
+
+        if ($this->userManager->userExists($username)) {
+            return new DataResponse(
+                [
+                    'message' => (string)$this->l10n->t('A user with that name already exists.')
+                ],
+                Http::STATUS_CONFLICT
+            );
+        }
+
+        $generatePasswordResetToken = false;
+        if ($password === '') {
+            if ($email === '') {
+                return new DataResponse(
+                    [
+                        'message' => (string)$this->l10n->t('To send a password link to the user an email address is required.')
+                    ],
+                    Http::STATUS_UNPROCESSABLE_ENTITY
+                );
+            }
+
+            $password = $this->secureRandom->generate(32);
+            $generatePasswordResetToken = true;
+        }
+
+        try {
+            $user = $this->userManager->createUser($username, $password);
+        } catch (\Exception $exception) {
+            $message = $exception->getMessage();
+            if (!$message) {
+                $message = $this->l10n->t('Unable to create user.');
+            }
+            return new DataResponse(
+                [
+                    'message' => (string)$message,
+                ],
+                Http::STATUS_FORBIDDEN
+            );
+        }
+
+        if ($user instanceof IUser) {
+            if ($groups !== null) {
+                foreach ($groups as $groupName) {
+                    $group = $this->groupManager->get($groupName);
+
+                    if (empty($group)) {
+                        $group = $this->groupManager->createGroup($groupName);
+                    }
+                    $group->addUser($user);
+                }
+            }
+            /**
+             * Send new user mail only if a mail is set
+             */
+            if ($email !== '') {
+                $user->setEMailAddress($email);
+                try {
+                    $emailTemplate = $this->newUserMailHelper->generateTemplate($user, $generatePasswordResetToken);
+                    $this->newUserMailHelper->sendMail($user, $emailTemplate);
+                } catch (\Exception $e) {
+                    $this->log->error("Can't send new user mail to $email: " . $e->getMessage(), ['app' => 'settings']);
+                }
+            }
+            // fetch users groups
+            $userGroups = $this->groupManager->getUserGroupIds($user);
+
+            return new DataResponse(
+                $this->formatUserForIndex($user, $userGroups),
+                Http::STATUS_CREATED
+            );
+        }
+
+        return new DataResponse(
+            [
+                'message' => (string)$this->l10n->t('Unable to create user.')
+            ],
+            Http::STATUS_FORBIDDEN
+        );
+
+    }
+
+    /**
+     * @NoAdminRequired
+     * @PasswordConfirmationRequired
+     *
+     * @param string $id
+     * @return DataResponse
+     */
+    public function destroy($id) {
+        $userId = $this->userSession->getUser()->getUID();
+        $user = $this->userManager->get($id);
+
+        if ($userId === $id) {
+            return new DataResponse(
+                [
+                    'status' => 'error',
+                    'data' => [
+                        'message' => (string)$this->l10n->t('Unable to delete user.')
+                    ]
+                ],
+                Http::STATUS_FORBIDDEN
+            );
+        }
+
+        if (!$this->isAdmin && !$this->groupManager->getSubAdmin()->isUserAccessible($this->userSession->getUser(), $user)) {
+            return new DataResponse(
+                [
+                    'status' => 'error',
+                    'data' => [
+                        'message' => (string)$this->l10n->t('Authentication error')
+                    ]
+                ],
+                Http::STATUS_FORBIDDEN
+            );
+        }
+
+        if ($user) {
+            if ($user->delete()) {
+                return new DataResponse(
+                    [
+                        'status' => 'success',
+                        'data' => [
+                            'username' => $id
+                        ]
+                    ],
+                    Http::STATUS_NO_CONTENT
+                );
+            }
+        }
+
+        return new DataResponse(
+            [
+                'status' => 'error',
+                'data' => [
+                    'message' => (string)$this->l10n->t('Unable to delete user.')
+                ]
+            ],
+            Http::STATUS_FORBIDDEN
+        );
+    }
+
+    /**
+     * @NoAdminRequired
+     *
+     * @param string $id
+     * @param int $enabled
+     * @return DataResponse
+     */
+    public function setEnabled($id, $enabled) {
+        $enabled = (bool)$enabled;
+        if ($enabled) {
+            $errorMsgGeneral = (string)$this->l10n->t('Error while enabling user.');
+        } else {
+            $errorMsgGeneral = (string)$this->l10n->t('Error while disabling user.');
+        }
+
+        $userId = $this->userSession->getUser()->getUID();
+        $user = $this->userManager->get($id);
+
+        if ($userId === $id) {
+            return new DataResponse(
+                [
+                    'status' => 'error',
+                    'data' => [
+                        'message' => $errorMsgGeneral
+                    ]
+                ], Http::STATUS_FORBIDDEN
+            );
+        }
+
+        if ($user) {
+            if (!$this->isAdmin && !$this->groupManager->getSubAdmin()->isUserAccessible($this->userSession->getUser(), $user)) {
+                return new DataResponse(
+                    [
+                        'status' => 'error',
+                        'data' => [
+                            'message' => (string)$this->l10n->t('Authentication error')
+                        ]
+                    ],
+                    Http::STATUS_FORBIDDEN
+                );
+            }
+
+            $user->setEnabled($enabled);
+            return new DataResponse(
+                [
+                    'status' => 'success',
+                    'data' => [
+                        'username' => $id,
+                        'enabled' => $enabled
+                    ]
+                ]
+            );
+        } else {
+            return new DataResponse(
+                [
+                    'status' => 'error',
+                    'data' => [
+                        'message' => $errorMsgGeneral
+                    ]
+                ],
+                Http::STATUS_FORBIDDEN
+            );
+        }
+
+    }
+
+    /**
+     * Set the mail address of a user
+     *
+     * @NoAdminRequired
+     * @NoSubadminRequired
+     * @PasswordConfirmationRequired
+     *
+     * @param string $account
+     * @param bool $onlyVerificationCode only return verification code without updating the data
+     * @return DataResponse
+     */
+    public function getVerificationCode($account, $onlyVerificationCode) {
+
+        $user = $this->userSession->getUser();
+
+        if ($user === null) {
+            return new DataResponse([], Http::STATUS_BAD_REQUEST);
+        }
+
+        $accountData = $this->accountManager->getUser($user);
+        $cloudId = $user->getCloudId();
+        $message = "Use my Federated Cloud ID to share with me: " . $cloudId;
+        $signature = $this->signMessage($user, $message);
+
+        $code = $message . ' ' . $signature;
+        $codeMd5 = $message . ' ' . md5($signature);
+
+        switch ($account) {
+            case 'verify-twitter':
+                $accountData[AccountManager::PROPERTY_TWITTER]['verified'] = AccountManager::VERIFICATION_IN_PROGRESS;
+                $msg = $this->l10n->t('In order to verify your Twitter account, post the following tweet on Twitter (please make sure to post it without any line breaks):');
+                $code = $codeMd5;
+                $type = AccountManager::PROPERTY_TWITTER;
+                $data = $accountData[AccountManager::PROPERTY_TWITTER]['value'];
+                $accountData[AccountManager::PROPERTY_TWITTER]['signature'] = $signature;
+                break;
+            case 'verify-website':
+                $accountData[AccountManager::PROPERTY_WEBSITE]['verified'] = AccountManager::VERIFICATION_IN_PROGRESS;
+                $msg = $this->l10n->t('In order to verify your Website, store the following content in your web-root at \'.well-known/CloudIdVerificationCode.txt\' (please make sure that the complete text is in one line):');
+                $type = AccountManager::PROPERTY_WEBSITE;
+                $data = $accountData[AccountManager::PROPERTY_WEBSITE]['value'];
+                $accountData[AccountManager::PROPERTY_WEBSITE]['signature'] = $signature;
+                break;
+            default:
+                return new DataResponse([], Http::STATUS_BAD_REQUEST);
+        }
+
+        if ($onlyVerificationCode === false) {
+            $this->accountManager->updateUser($user, $accountData);
+
+            $this->jobList->add('OC\Settings\BackgroundJobs\VerifyUserData',
+                [
+                    'verificationCode' => $code,
+                    'data' => $data,
+                    'type' => $type,
+                    'uid' => $user->getUID(),
+                    'try' => 0,
+                    'lastRun' => $this->getCurrentTime()
+                ]
+            );
+        }
+
+        return new DataResponse(['msg' => $msg, 'code' => $code]);
+    }
+
+    /**
+     * get current timestamp
+     *
+     * @return int
+     */
+    protected function getCurrentTime() {
+        return time();
+    }
+
+    /**
+     * sign message with users private key
+     *
+     * @param IUser $user
+     * @param string $message
+     *
+     * @return string base64 encoded signature
+     */
+    protected function signMessage(IUser $user, $message) {
+        $privateKey = $this->keyManager->getKey($user)->getPrivate();
+        openssl_sign(json_encode($message), $signature, $privateKey, OPENSSL_ALGO_SHA512);
+        $signatureBase64 = base64_encode($signature);
+
+        return $signatureBase64;
+    }
+
+    /**
+     * @NoAdminRequired
+     * @NoSubadminRequired
+     * @PasswordConfirmationRequired
+     *
+     * @param string $avatarScope
+     * @param string $displayname
+     * @param string $displaynameScope
+     * @param string $phone
+     * @param string $phoneScope
+     * @param string $email
+     * @param string $emailScope
+     * @param string $website
+     * @param string $websiteScope
+     * @param string $address
+     * @param string $addressScope
+     * @param string $twitter
+     * @param string $twitterScope
+     * @return DataResponse
+     */
+    public function setUserSettings($avatarScope,
+                                    $displayname,
+                                    $displaynameScope,
+                                    $phone,
+                                    $phoneScope,
+                                    $email,
+                                    $emailScope,
+                                    $website,
+                                    $websiteScope,
+                                    $address,
+                                    $addressScope,
+                                    $twitter,
+                                    $twitterScope
+    ) {
+
+        if (!empty($email) && !$this->mailer->validateMailAddress($email)) {
+            return new DataResponse(
+                [
+                    'status' => 'error',
+                    'data' => [
+                        'message' => (string)$this->l10n->t('Invalid mail address')
+                    ]
+                ],
+                Http::STATUS_UNPROCESSABLE_ENTITY
+            );
+        }
+
+        $user = $this->userSession->getUser();
+
+        $data = $this->accountManager->getUser($user);
+
+        $data[AccountManager::PROPERTY_AVATAR] = ['scope' => $avatarScope];
+        if ($this->config->getSystemValue('allow_user_to_change_display_name', true) !== false) {
+            $data[AccountManager::PROPERTY_DISPLAYNAME] = ['value' => $displayname, 'scope' => $displaynameScope];
+            $data[AccountManager::PROPERTY_EMAIL] = ['value' => $email, 'scope' => $emailScope];
+        }
+
+        if ($this->appManager->isEnabledForUser('federatedfilesharing')) {
+            $federatedFileSharing = new \OCA\FederatedFileSharing\AppInfo\Application();
+            $shareProvider = $federatedFileSharing->getFederatedShareProvider();
+            if ($shareProvider->isLookupServerUploadEnabled()) {
+                $data[AccountManager::PROPERTY_WEBSITE] = ['value' => $website, 'scope' => $websiteScope];
+                $data[AccountManager::PROPERTY_ADDRESS] = ['value' => $address, 'scope' => $addressScope];
+                $data[AccountManager::PROPERTY_PHONE] = ['value' => $phone, 'scope' => $phoneScope];
+                $data[AccountManager::PROPERTY_TWITTER] = ['value' => $twitter, 'scope' => $twitterScope];
+            }
+        }
+
+        try {
+            $this->saveUserSettings($user, $data);
+            return new DataResponse(
+                [
+                    'status' => 'success',
+                    'data' => [
+                        'userId' => $user->getUID(),
+                        'avatarScope' => $data[AccountManager::PROPERTY_AVATAR]['scope'],
+                        'displayname' => $data[AccountManager::PROPERTY_DISPLAYNAME]['value'],
+                        'displaynameScope' => $data[AccountManager::PROPERTY_DISPLAYNAME]['scope'],
+                        'email' => $data[AccountManager::PROPERTY_EMAIL]['value'],
+                        'emailScope' => $data[AccountManager::PROPERTY_EMAIL]['scope'],
+                        'website' => $data[AccountManager::PROPERTY_WEBSITE]['value'],
+                        'websiteScope' => $data[AccountManager::PROPERTY_WEBSITE]['scope'],
+                        'address' => $data[AccountManager::PROPERTY_ADDRESS]['value'],
+                        'addressScope' => $data[AccountManager::PROPERTY_ADDRESS]['scope'],
+                        'message' => (string)$this->l10n->t('Settings saved')
+                    ]
+                ],
+                Http::STATUS_OK
+            );
+        } catch (ForbiddenException $e) {
+            return new DataResponse([
+                'status' => 'error',
+                'data' => [
+                    'message' => $e->getMessage()
+                ],
+            ]);
+        }
+
+    }
+
+
+    /**
+     * update account manager with new user data
+     *
+     * @param IUser $user
+     * @param array $data
+     * @throws ForbiddenException
+     */
+    protected function saveUserSettings(IUser $user, $data) {
+
+        // keep the user back-end up-to-date with the latest display name and email
+        // address
+        $oldDisplayName = $user->getDisplayName();
+        $oldDisplayName = is_null($oldDisplayName) ? '' : $oldDisplayName;
+        if (isset($data[AccountManager::PROPERTY_DISPLAYNAME]['value'])
+            && $oldDisplayName !== $data[AccountManager::PROPERTY_DISPLAYNAME]['value']
+        ) {
+            $result = $user->setDisplayName($data[AccountManager::PROPERTY_DISPLAYNAME]['value']);
+            if ($result === false) {
+                throw new ForbiddenException($this->l10n->t('Unable to change full name'));
+            }
+        }
+
+        $oldEmailAddress = $user->getEMailAddress();
+        $oldEmailAddress = is_null($oldEmailAddress) ? '' : $oldEmailAddress;
+        if (isset($data[AccountManager::PROPERTY_EMAIL]['value'])
+            && $oldEmailAddress !== $data[AccountManager::PROPERTY_EMAIL]['value']
+        ) {
+            // this is the only permission a backend provides and is also used
+            // for the permission of setting a email address
+            if (!$user->canChangeDisplayName()) {
+                throw new ForbiddenException($this->l10n->t('Unable to change email address'));
+            }
+            $user->setEMailAddress($data[AccountManager::PROPERTY_EMAIL]['value']);
+        }
+
+        $this->accountManager->updateUser($user, $data);
+    }
+
+    /**
+     * Count all unique users visible for the current admin/subadmin.
+     *
+     * @NoAdminRequired
+     *
+     * @return DataResponse
+     */
+    public function stats() {
+        $userCount = 0;
+        if ($this->isAdmin) {
+            $countByBackend = $this->userManager->countUsers();
+
+            if (!empty($countByBackend)) {
+                foreach ($countByBackend as $count) {
+                    $userCount += $count;
+                }
+            }
+        } else {
+            $groups = $this->groupManager->getSubAdmin()->getSubAdminsGroups($this->userSession->getUser());
+
+            $uniqueUsers = [];
+            foreach ($groups as $group) {
+                foreach ($group->getUsers() as $uid => $displayName) {
+                    $uniqueUsers[$uid] = true;
+                }
+            }
+
+            $userCount = count($uniqueUsers);
+        }
+
+        return new DataResponse(
+            [
+                'totalUsers' => $userCount
+            ]
+        );
+    }
+
+
+    /**
+     * Set the displayName of a user
+     *
+     * @NoAdminRequired
+     * @NoSubadminRequired
+     * @PasswordConfirmationRequired
+     * @todo merge into saveUserSettings
+     *
+     * @param string $username
+     * @param string $displayName
+     * @return DataResponse
+     */
+    public function setDisplayName($username, $displayName) {
+        $currentUser = $this->userSession->getUser();
+        $user = $this->userManager->get($username);
+
+        if ($user === null ||
+            !$user->canChangeDisplayName() ||
+            (
+                !$this->groupManager->isAdmin($currentUser->getUID()) &&
+                !$this->groupManager->getSubAdmin()->isUserAccessible($currentUser, $user) &&
+                $currentUser->getUID() !== $username
+
+            )
+        ) {
+            return new DataResponse([
+                'status' => 'error',
+                'data' => [
+                    'message' => $this->l10n->t('Authentication error'),
+                ],
+            ]);
+        }
+
+        $userData = $this->accountManager->getUser($user);
+        $userData[AccountManager::PROPERTY_DISPLAYNAME]['value'] = $displayName;
+
+
+        try {
+            $this->saveUserSettings($user, $userData);
+            return new DataResponse([
+                'status' => 'success',
+                'data' => [
+                    'message' => $this->l10n->t('Your full name has been changed.'),
+                    'username' => $username,
+                    'displayName' => $displayName,
+                ],
+            ]);
+        } catch (ForbiddenException $e) {
+            return new DataResponse([
+                'status' => 'error',
+                'data' => [
+                    'message' => $e->getMessage(),
+                    'displayName' => $user->getDisplayName(),
+                ],
+            ]);
+        }
+    }
+
+    /**
+     * Set the mail address of a user
+     *
+     * @NoAdminRequired
+     * @NoSubadminRequired
+     * @PasswordConfirmationRequired
+     *
+     * @param string $id
+     * @param string $mailAddress
+     * @return DataResponse
+     */
+    public function setEMailAddress($id, $mailAddress) {
+        $user = $this->userManager->get($id);
+        if (!$this->isAdmin
+            && !$this->groupManager->getSubAdmin()->isUserAccessible($this->userSession->getUser(), $user)
+        ) {
+            return new DataResponse(
+                [
+                    'status' => 'error',
+                    'data' => [
+                        'message' => (string)$this->l10n->t('Forbidden')
+                    ]
+                ],
+                Http::STATUS_FORBIDDEN
+            );
+        }
+
+        if ($mailAddress !== '' && !$this->mailer->validateMailAddress($mailAddress)) {
+            return new DataResponse(
+                [
+                    'status' => 'error',
+                    'data' => [
+                        'message' => (string)$this->l10n->t('Invalid mail address')
+                    ]
+                ],
+                Http::STATUS_UNPROCESSABLE_ENTITY
+            );
+        }
+
+        if (!$user) {
+            return new DataResponse(
+                [
+                    'status' => 'error',
+                    'data' => [
+                        'message' => (string)$this->l10n->t('Invalid user')
+                    ]
+                ],
+                Http::STATUS_UNPROCESSABLE_ENTITY
+            );
+        }
+        // this is the only permission a backend provides and is also used
+        // for the permission of setting a email address
+        if (!$user->canChangeDisplayName()) {
+            return new DataResponse(
+                [
+                    'status' => 'error',
+                    'data' => [
+                        'message' => (string)$this->l10n->t('Unable to change mail address')
+                    ]
+                ],
+                Http::STATUS_FORBIDDEN
+            );
+        }
+
+        $userData = $this->accountManager->getUser($user);
+        $userData[AccountManager::PROPERTY_EMAIL]['value'] = $mailAddress;
+
+        try {
+            $this->saveUserSettings($user, $userData);
+            return new DataResponse(
+                [
+                    'status' => 'success',
+                    'data' => [
+                        'username' => $id,
+                        'mailAddress' => $mailAddress,
+                        'message' => (string)$this->l10n->t('Email saved')
+                    ]
+                ],
+                Http::STATUS_OK
+            );
+        } catch (ForbiddenException $e) {
+            return new DataResponse([
+                'status' => 'error',
+                'data' => [
+                    'message' => $e->getMessage()
+                ],
+            ]);
+        }
+    }
 
 }

Please login to merge, or discard this patch.

apps/encryption/lib/AppInfo/Application.php 1 patch

Indentation +222 added lines, -222 removed lines patch added patch discarded remove patch

@@ -48,226 +48,226 @@
 block discarded – undo
 
 class Application extends \OCP\AppFramework\App {
 
-	/** @var IManager */
-	private $encryptionManager;
-	/** @var IConfig */
-	private $config;
-
-	/**
-	 * @param array $urlParams
-	 * @param bool $encryptionSystemReady
-	 */
-	public function __construct($urlParams = array(), $encryptionSystemReady = true) {
-		parent::__construct('encryption', $urlParams);
-		$this->encryptionManager = \OC::$server->getEncryptionManager();
-		$this->config = \OC::$server->getConfig();
-		$this->registerServices();
-		if($encryptionSystemReady === false) {
-			/** @var Session $session */
-			$session = $this->getContainer()->query('Session');
-			$session->setStatus(Session::RUN_MIGRATION);
-		}
-
-	}
-
-	public function setUp() {
-		if ($this->encryptionManager->isEnabled()) {
-			/** @var Setup $setup */
-			$setup = $this->getContainer()->query('UserSetup');
-			$setup->setupSystem();
-		}
-	}
-
-	/**
-	 * register hooks
-	 */
-	public function registerHooks() {
-		if (!$this->config->getSystemValue('maintenance', false)) {
-
-			$container = $this->getContainer();
-			$server = $container->getServer();
-			// Register our hooks and fire them.
-			$hookManager = new HookManager();
-
-			$hookManager->registerHook([
-				new UserHooks($container->query('KeyManager'),
-					$server->getUserManager(),
-					$server->getLogger(),
-					$container->query('UserSetup'),
-					$server->getUserSession(),
-					$container->query('Util'),
-					$container->query('Session'),
-					$container->query('Crypt'),
-					$container->query('Recovery'))
-			]);
-
-			$hookManager->fireHooks();
-
-		} else {
-			// Logout user if we are in maintenance to force re-login
-			$this->getContainer()->getServer()->getUserSession()->logout();
-		}
-	}
-
-	public function registerEncryptionModule() {
-		$container = $this->getContainer();
-
-
-		$this->encryptionManager->registerEncryptionModule(
-			Encryption::ID,
-			Encryption::DISPLAY_NAME,
-			function() use ($container) {
-
-			return new Encryption(
-				$container->query('Crypt'),
-				$container->query('KeyManager'),
-				$container->query('Util'),
-				$container->query('Session'),
-				$container->query('EncryptAll'),
-				$container->query('DecryptAll'),
-				$container->getServer()->getLogger(),
-				$container->getServer()->getL10N($container->getAppName())
-			);
-		});
-
-	}
-
-	public function registerServices() {
-		$container = $this->getContainer();
-
-		$container->registerService('Crypt',
-			function (IAppContainer $c) {
-				$server = $c->getServer();
-				return new Crypt($server->getLogger(),
-					$server->getUserSession(),
-					$server->getConfig(),
-					$server->getL10N($c->getAppName()));
-			});
-
-		$container->registerService('Session',
-			function (IAppContainer $c) {
-				$server = $c->getServer();
-				return new Session($server->getSession());
-			}
-		);
-
-		$container->registerService('KeyManager',
-			function (IAppContainer $c) {
-				$server = $c->getServer();
-
-				return new KeyManager($server->getEncryptionKeyStorage(),
-					$c->query('Crypt'),
-					$server->getConfig(),
-					$server->getUserSession(),
-					new Session($server->getSession()),
-					$server->getLogger(),
-					$c->query('Util')
-				);
-			});
-
-		$container->registerService('Recovery',
-			function (IAppContainer $c) {
-				$server = $c->getServer();
-
-				return new Recovery(
-					$server->getUserSession(),
-					$c->query('Crypt'),
-					$server->getSecureRandom(),
-					$c->query('KeyManager'),
-					$server->getConfig(),
-					$server->getEncryptionKeyStorage(),
-					$server->getEncryptionFilesHelper(),
-					new View());
-			});
-
-		$container->registerService('RecoveryController', function (IAppContainer $c) {
-			$server = $c->getServer();
-			return new RecoveryController(
-				$c->getAppName(),
-				$server->getRequest(),
-				$server->getConfig(),
-				$server->getL10N($c->getAppName()),
-				$c->query('Recovery'));
-		});
-
-		$container->registerService('StatusController', function (IAppContainer $c) {
-			$server = $c->getServer();
-			return new StatusController(
-				$c->getAppName(),
-				$server->getRequest(),
-				$server->getL10N($c->getAppName()),
-				$c->query('Session'),
-				$server->getEncryptionManager()
-			);
-		});
-
-		$container->registerService('SettingsController', function (IAppContainer $c) {
-			$server = $c->getServer();
-			return new SettingsController(
-				$c->getAppName(),
-				$server->getRequest(),
-				$server->getL10N($c->getAppName()),
-				$server->getUserManager(),
-				$server->getUserSession(),
-				$c->query('KeyManager'),
-				$c->query('Crypt'),
-				$c->query('Session'),
-				$server->getSession(),
-				$c->query('Util')
-			);
-		});
-
-		$container->registerService('UserSetup',
-			function (IAppContainer $c) {
-				$server = $c->getServer();
-				return new Setup($server->getLogger(),
-					$server->getUserSession(),
-					$c->query('Crypt'),
-					$c->query('KeyManager'));
-			});
-
-		$container->registerService('Util',
-			function (IAppContainer $c) {
-				$server = $c->getServer();
-
-				return new Util(
-					new View(),
-					$c->query('Crypt'),
-					$server->getLogger(),
-					$server->getUserSession(),
-					$server->getConfig(),
-					$server->getUserManager());
-			});
-
-		$container->registerService('EncryptAll',
-			function (IAppContainer $c) {
-				$server = $c->getServer();
-				return new EncryptAll(
-					$c->query('UserSetup'),
-					$c->getServer()->getUserManager(),
-					new View(),
-					$c->query('KeyManager'),
-					$c->query('Util'),
-					$server->getConfig(),
-					$server->getMailer(),
-					$server->getL10N('encryption'),
-					new QuestionHelper(),
-					$server->getSecureRandom()
-				);
-			}
-		);
-
-		$container->registerService('DecryptAll',
-			function (IAppContainer $c) {
-				return new DecryptAll(
-					$c->query('Util'),
-					$c->query('KeyManager'),
-					$c->query('Crypt'),
-					$c->query('Session'),
-					new QuestionHelper()
-				);
-			}
-		);
-
-	}
+    /** @var IManager */
+    private $encryptionManager;
+    /** @var IConfig */
+    private $config;
+
+    /**
+     * @param array $urlParams
+     * @param bool $encryptionSystemReady
+     */
+    public function __construct($urlParams = array(), $encryptionSystemReady = true) {
+        parent::__construct('encryption', $urlParams);
+        $this->encryptionManager = \OC::$server->getEncryptionManager();
+        $this->config = \OC::$server->getConfig();
+        $this->registerServices();
+        if($encryptionSystemReady === false) {
+            /** @var Session $session */
+            $session = $this->getContainer()->query('Session');
+            $session->setStatus(Session::RUN_MIGRATION);
+        }
+
+    }
+
+    public function setUp() {
+        if ($this->encryptionManager->isEnabled()) {
+            /** @var Setup $setup */
+            $setup = $this->getContainer()->query('UserSetup');
+            $setup->setupSystem();
+        }
+    }
+
+    /**
+     * register hooks
+     */
+    public function registerHooks() {
+        if (!$this->config->getSystemValue('maintenance', false)) {
+
+            $container = $this->getContainer();
+            $server = $container->getServer();
+            // Register our hooks and fire them.
+            $hookManager = new HookManager();
+
+            $hookManager->registerHook([
+                new UserHooks($container->query('KeyManager'),
+                    $server->getUserManager(),
+                    $server->getLogger(),
+                    $container->query('UserSetup'),
+                    $server->getUserSession(),
+                    $container->query('Util'),
+                    $container->query('Session'),
+                    $container->query('Crypt'),
+                    $container->query('Recovery'))
+            ]);
+
+            $hookManager->fireHooks();
+
+        } else {
+            // Logout user if we are in maintenance to force re-login
+            $this->getContainer()->getServer()->getUserSession()->logout();
+        }
+    }
+
+    public function registerEncryptionModule() {
+        $container = $this->getContainer();
+
+
+        $this->encryptionManager->registerEncryptionModule(
+            Encryption::ID,
+            Encryption::DISPLAY_NAME,
+            function() use ($container) {
+
+            return new Encryption(
+                $container->query('Crypt'),
+                $container->query('KeyManager'),
+                $container->query('Util'),
+                $container->query('Session'),
+                $container->query('EncryptAll'),
+                $container->query('DecryptAll'),
+                $container->getServer()->getLogger(),
+                $container->getServer()->getL10N($container->getAppName())
+            );
+        });
+
+    }
+
+    public function registerServices() {
+        $container = $this->getContainer();
+
+        $container->registerService('Crypt',
+            function (IAppContainer $c) {
+                $server = $c->getServer();
+                return new Crypt($server->getLogger(),
+                    $server->getUserSession(),
+                    $server->getConfig(),
+                    $server->getL10N($c->getAppName()));
+            });
+
+        $container->registerService('Session',
+            function (IAppContainer $c) {
+                $server = $c->getServer();
+                return new Session($server->getSession());
+            }
+        );
+
+        $container->registerService('KeyManager',
+            function (IAppContainer $c) {
+                $server = $c->getServer();
+
+                return new KeyManager($server->getEncryptionKeyStorage(),
+                    $c->query('Crypt'),
+                    $server->getConfig(),
+                    $server->getUserSession(),
+                    new Session($server->getSession()),
+                    $server->getLogger(),
+                    $c->query('Util')
+                );
+            });
+
+        $container->registerService('Recovery',
+            function (IAppContainer $c) {
+                $server = $c->getServer();
+
+                return new Recovery(
+                    $server->getUserSession(),
+                    $c->query('Crypt'),
+                    $server->getSecureRandom(),
+                    $c->query('KeyManager'),
+                    $server->getConfig(),
+                    $server->getEncryptionKeyStorage(),
+                    $server->getEncryptionFilesHelper(),
+                    new View());
+            });
+
+        $container->registerService('RecoveryController', function (IAppContainer $c) {
+            $server = $c->getServer();
+            return new RecoveryController(
+                $c->getAppName(),
+                $server->getRequest(),
+                $server->getConfig(),
+                $server->getL10N($c->getAppName()),
+                $c->query('Recovery'));
+        });
+
+        $container->registerService('StatusController', function (IAppContainer $c) {
+            $server = $c->getServer();
+            return new StatusController(
+                $c->getAppName(),
+                $server->getRequest(),
+                $server->getL10N($c->getAppName()),
+                $c->query('Session'),
+                $server->getEncryptionManager()
+            );
+        });
+
+        $container->registerService('SettingsController', function (IAppContainer $c) {
+            $server = $c->getServer();
+            return new SettingsController(
+                $c->getAppName(),
+                $server->getRequest(),
+                $server->getL10N($c->getAppName()),
+                $server->getUserManager(),
+                $server->getUserSession(),
+                $c->query('KeyManager'),
+                $c->query('Crypt'),
+                $c->query('Session'),
+                $server->getSession(),
+                $c->query('Util')
+            );
+        });
+
+        $container->registerService('UserSetup',
+            function (IAppContainer $c) {
+                $server = $c->getServer();
+                return new Setup($server->getLogger(),
+                    $server->getUserSession(),
+                    $c->query('Crypt'),
+                    $c->query('KeyManager'));
+            });
+
+        $container->registerService('Util',
+            function (IAppContainer $c) {
+                $server = $c->getServer();
+
+                return new Util(
+                    new View(),
+                    $c->query('Crypt'),
+                    $server->getLogger(),
+                    $server->getUserSession(),
+                    $server->getConfig(),
+                    $server->getUserManager());
+            });
+
+        $container->registerService('EncryptAll',
+            function (IAppContainer $c) {
+                $server = $c->getServer();
+                return new EncryptAll(
+                    $c->query('UserSetup'),
+                    $c->getServer()->getUserManager(),
+                    new View(),
+                    $c->query('KeyManager'),
+                    $c->query('Util'),
+                    $server->getConfig(),
+                    $server->getMailer(),
+                    $server->getL10N('encryption'),
+                    new QuestionHelper(),
+                    $server->getSecureRandom()
+                );
+            }
+        );
+
+        $container->registerService('DecryptAll',
+            function (IAppContainer $c) {
+                return new DecryptAll(
+                    $c->query('Util'),
+                    $c->query('KeyManager'),
+                    $c->query('Crypt'),
+                    $c->query('Session'),
+                    new QuestionHelper()
+                );
+            }
+        );
+
+    }
 }

Please login to merge, or discard this patch.

		@@ -126,7 +126,7 @@ discard block
		block discarded – undo
126	126	$this->recoveryKeyId = $this->config->getAppValue('encryption',
127	127	'recoveryKeyId');
128	128	if (empty($this->recoveryKeyId)) {
129		- $this->recoveryKeyId = 'recoveryKey_' . substr(md5(time()), 0, 8);
	129	+ $this->recoveryKeyId = 'recoveryKey_'.substr(md5(time()), 0, 8);
130	130	$this->config->setAppValue('encryption',
131	131	'recoveryKeyId',
132	132	$this->recoveryKeyId);
		@@ -135,14 +135,14 @@ discard block
		block discarded – undo
135	135	$this->publicShareKeyId = $this->config->getAppValue('encryption',
136	136	'publicShareKeyId');
137	137	if (empty($this->publicShareKeyId)) {
138		- $this->publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8);
	138	+ $this->publicShareKeyId = 'pubShare_'.substr(md5(time()), 0, 8);
139	139	$this->config->setAppValue('encryption', 'publicShareKeyId', $this->publicShareKeyId);
140	140	}
141	141
142	142	$this->masterKeyId = $this->config->getAppValue('encryption',
143	143	'masterKeyId');
144	144	if (empty($this->masterKeyId)) {
145		- $this->masterKeyId = 'master_' . substr(md5(time()), 0, 8);
	145	+ $this->masterKeyId = 'master_'.substr(md5(time()), 0, 8);
146	146	$this->config->setAppValue('encryption', 'masterKeyId', $this->masterKeyId);
147	147	}
148	148
		@@ -160,13 +160,13 @@ discard block
		block discarded – undo
160	160
161	161	// Save public key
162	162	$this->keyStorage->setSystemUserKey(
163		- $this->publicShareKeyId . '.publicKey', $keyPair['publicKey'],
	163	+ $this->publicShareKeyId.'.publicKey', $keyPair['publicKey'],
164	164	Encryption::ID);
165	165
166	166	// Encrypt private key empty passphrase
167	167	$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], '');
168	168	$header = $this->crypt->generateHeader();
169		- $this->setSystemPrivateKey($this->publicShareKeyId, $header . $encryptedKey);
	169	+ $this->setSystemPrivateKey($this->publicShareKeyId, $header.$encryptedKey);
170	170	}
171	171	}
172	172
		@@ -185,13 +185,13 @@ discard block
		block discarded – undo
185	185
186	186	// Save public key
187	187	$this->keyStorage->setSystemUserKey(
188		- $this->masterKeyId . '.publicKey', $keyPair['publicKey'],
	188	+ $this->masterKeyId.'.publicKey', $keyPair['publicKey'],
189	189	Encryption::ID);
190	190
191	191	// Encrypt private key with system password
192	192	$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $this->getMasterKeyPassword(), $this->masterKeyId);
193	193	$header = $this->crypt->generateHeader();
194		- $this->setSystemPrivateKey($this->masterKeyId, $header . $encryptedKey);
	194	+ $this->setSystemPrivateKey($this->masterKeyId, $header.$encryptedKey);
195	195	}
196	196
197	197	if (!$this->session->isPrivateKeySet()) {
		@@ -218,7 +218,7 @@ discard block
		block discarded – undo
218	218	* @return string
219	219	*/
220	220	public function getRecoveryKey() {
221		- return $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.publicKey', Encryption::ID);
	221	+ return $this->keyStorage->getSystemUserKey($this->recoveryKeyId.'.publicKey', Encryption::ID);
222	222	}
223	223
224	224	/**
		@@ -235,7 +235,7 @@ discard block
		block discarded – undo
235	235	* @return bool
236	236	*/
237	237	public function checkRecoveryPassword($password) {
238		- $recoveryKey = $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.privateKey', Encryption::ID);
	238	+ $recoveryKey = $this->keyStorage->getSystemUserKey($this->recoveryKeyId.'.privateKey', Encryption::ID);
239	239	$decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey, $password);
240	240
241	241	if ($decryptedRecoveryKey) {
		@@ -259,7 +259,7 @@ discard block
		block discarded – undo
259	259	$header = $this->crypt->generateHeader();
260	260
261	261	if ($encryptedKey) {
262		- $this->setPrivateKey($uid, $header . $encryptedKey);
	262	+ $this->setPrivateKey($uid, $header.$encryptedKey);
263	263	return true;
264	264	}
265	265	return false;
		@@ -281,7 +281,7 @@ discard block
		block discarded – undo
281	281	$header = $this->crypt->generateHeader();
282	282
283	283	if ($encryptedKey) {
284		- $this->setSystemPrivateKey($this->getRecoveryKeyId(), $header . $encryptedKey);
	284	+ $this->setSystemPrivateKey($this->getRecoveryKeyId(), $header.$encryptedKey);
285	285	return true;
286	286	}
287	287	return false;
		@@ -341,7 +341,7 @@ discard block
		block discarded – undo
341	341	* @return boolean
342	342	*/
343	343	public function setShareKey($path, $uid, $key) {
344		- $keyId = $uid . '.' . $this->shareKeyId;
	344	+ $keyId = $uid.'.'.$this->shareKeyId;
345	345	return $this->keyStorage->setFileKey($path, $keyId, $key, Encryption::ID);
346	346	}
347	347
		@@ -357,7 +357,7 @@ discard block
		block discarded – undo
357	357	$this->session->setStatus(Session::INIT_EXECUTED);
358	358
359	359	try {
360		- if($this->util->isMasterKeyEnabled()) {
	360	+ if ($this->util->isMasterKeyEnabled()) {
361	361	$uid = $this->getMasterKeyId();
362	362	$passPhrase = $this->getMasterKeyPassword();
363	363	$privateKey = $this->getSystemPrivateKey($uid);
		@@ -371,7 +371,7 @@ discard block
		block discarded – undo
371	371	return false;
372	372	} catch (\Exception $e) {
373	373	$this->log->warning(
374		- 'Could not decrypt the private key from user "' . $uid . '"" during login. ' .
	374	+ 'Could not decrypt the private key from user "'.$uid.'"" during login. '.
375	375	'Assume password change on the user back-end. Error message: '
376	376	. $e->getMessage()
377	377	);
		@@ -432,7 +432,7 @@ discard block
		block discarded – undo
432	432	// use public share key for public links
433	433	$uid = $this->getPublicShareKeyId();
434	434	$shareKey = $this->getShareKey($path, $uid);
435		- $privateKey = $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.privateKey', Encryption::ID);
	435	+ $privateKey = $this->keyStorage->getSystemUserKey($this->publicShareKeyId.'.privateKey', Encryption::ID);
436	436	$privateKey = $this->crypt->decryptPrivateKey($privateKey);
437	437	} else {
438	438	$shareKey = $this->getShareKey($path, $uid);
		@@ -457,7 +457,7 @@ discard block
		block discarded – undo
457	457	*/
458	458	public function getVersion($path, View $view) {
459	459	$fileInfo = $view->getFileInfo($path);
460		- if($fileInfo === false) {
	460	+ if ($fileInfo === false) {
461	461	return 0;
462	462	}
463	463	return $fileInfo->getEncryptedVersion();
		@@ -471,9 +471,9 @@ discard block
		block discarded – undo
471	471	* @param View $view
472	472	*/
473	473	public function setVersion($path, $version, View $view) {
474		- $fileInfo= $view->getFileInfo($path);
	474	+ $fileInfo = $view->getFileInfo($path);
475	475
476		- if($fileInfo !== false) {
	476	+ if ($fileInfo !== false) {
477	477	$cache = $fileInfo->getStorage()->getCache();
478	478	$cache->update($fileInfo->getId(), ['encrypted' => $version, 'encryptedVersion' => $version]);
479	479	}
		@@ -502,7 +502,7 @@ discard block
		block discarded – undo
502	502	public function deleteShareKey($path, $keyId) {
503	503	return $this->keyStorage->deleteFileKey(
504	504	$path,
505		- $keyId . '.' . $this->shareKeyId,
	505	+ $keyId.'.'.$this->shareKeyId,
506	506	Encryption::ID);
507	507	}
508	508
		@@ -513,7 +513,7 @@ discard block
		block discarded – undo
513	513	* @return mixed
514	514	*/
515	515	public function getShareKey($path, $uid) {
516		- $keyId = $uid . '.' . $this->shareKeyId;
	516	+ $keyId = $uid.'.'.$this->shareKeyId;
517	517	return $this->keyStorage->getFileKey($path, $keyId, Encryption::ID);
518	518	}
519	519
		@@ -575,7 +575,7 @@ discard block
		block discarded – undo
575	575	* @return string
576	576	*/
577	577	public function getPublicShareKey() {
578		- return $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.publicKey', Encryption::ID);
	578	+ return $this->keyStorage->getSystemUserKey($this->publicShareKeyId.'.publicKey', Encryption::ID);
579	579	}
580	580
581	581	/**
		@@ -645,7 +645,7 @@ discard block
		block discarded – undo
645	645	* @return string returns openssl key
646	646	*/
647	647	public function getSystemPrivateKey($keyId) {
648		- return $this->keyStorage->getSystemUserKey($keyId . '.' . $this->privateKeyId, Encryption::ID);
	648	+ return $this->keyStorage->getSystemUserKey($keyId.'.'.$this->privateKeyId, Encryption::ID);
649	649	}
650	650
651	651	/**
		@@ -655,7 +655,7 @@ discard block
		block discarded – undo
655	655	*/
656	656	public function setSystemPrivateKey($keyId, $key) {
657	657	return $this->keyStorage->setSystemUserKey(
658		- $keyId . '.' . $this->privateKeyId,
	658	+ $keyId.'.'.$this->privateKeyId,
659	659	$key,
660	660	Encryption::ID);
661	661	}
		@@ -695,7 +695,7 @@ discard block
		block discarded – undo
695	695	*/
696	696	public function getMasterKeyPassword() {
697	697	$password = $this->config->getSystemValue('secret');
698		- if (empty($password)){
	698	+ if (empty($password)) {
699	699	throw new \Exception('Can not get secret from Nextcloud instance');
700	700	}
701	701
		@@ -717,6 +717,6 @@ discard block
		block discarded – undo
717	717	* @return string
718	718	*/
719	719	public function getPublicMasterKey() {
720		- return $this->keyStorage->getSystemUserKey($this->masterKeyId . '.publicKey', Encryption::ID);
	720	+ return $this->keyStorage->getSystemUserKey($this->masterKeyId.'.publicKey', Encryption::ID);
721	721	}
722	722	}

		@@ -48,226 +48,226 @@
		block discarded – undo
48	48
49	49	class Application extends \OCP\AppFramework\App {
50	50
51		- /** @var IManager */
52		- private $encryptionManager;
53		- /** @var IConfig */
54		- private $config;
55		-
56		- /**
57		- * @param array $urlParams
58		- * @param bool $encryptionSystemReady
59		- */
60		- public function __construct($urlParams = array(), $encryptionSystemReady = true) {
61		- parent::__construct('encryption', $urlParams);
62		- $this->encryptionManager = \OC::$server->getEncryptionManager();
63		- $this->config = \OC::$server->getConfig();
64		- $this->registerServices();
65		- if($encryptionSystemReady === false) {
66		- /** @var Session $session */
67		- $session = $this->getContainer()->query('Session');
68		- $session->setStatus(Session::RUN_MIGRATION);
69		- }
70		-
71		- }
72		-
73		- public function setUp() {
74		- if ($this->encryptionManager->isEnabled()) {
75		- /** @var Setup $setup */
76		- $setup = $this->getContainer()->query('UserSetup');
77		- $setup->setupSystem();
78		- }
79		- }
80		-
81		- /**
82		- * register hooks
83		- */
84		- public function registerHooks() {
85		- if (!$this->config->getSystemValue('maintenance', false)) {
86		-
87		- $container = $this->getContainer();
88		- $server = $container->getServer();
89		- // Register our hooks and fire them.
90		- $hookManager = new HookManager();
91		-
92		- $hookManager->registerHook([
93		- new UserHooks($container->query('KeyManager'),
94		- $server->getUserManager(),
95		- $server->getLogger(),
96		- $container->query('UserSetup'),
97		- $server->getUserSession(),
98		- $container->query('Util'),
99		- $container->query('Session'),
100		- $container->query('Crypt'),
101		- $container->query('Recovery'))
102		- ]);
103		-
104		- $hookManager->fireHooks();
105		-
106		- } else {
107		- // Logout user if we are in maintenance to force re-login
108		- $this->getContainer()->getServer()->getUserSession()->logout();
109		- }
110		- }
111		-
112		- public function registerEncryptionModule() {
113		- $container = $this->getContainer();
114		-
115		-
116		- $this->encryptionManager->registerEncryptionModule(
117		- Encryption::ID,
118		- Encryption::DISPLAY_NAME,
119		- function() use ($container) {
120		-
121		- return new Encryption(
122		- $container->query('Crypt'),
123		- $container->query('KeyManager'),
124		- $container->query('Util'),
125		- $container->query('Session'),
126		- $container->query('EncryptAll'),
127		- $container->query('DecryptAll'),
128		- $container->getServer()->getLogger(),
129		- $container->getServer()->getL10N($container->getAppName())
130		- );
131		- });
132		-
133		- }
134		-
135		- public function registerServices() {
136		- $container = $this->getContainer();
137		-
138		- $container->registerService('Crypt',
139		- function (IAppContainer $c) {
140		- $server = $c->getServer();
141		- return new Crypt($server->getLogger(),
142		- $server->getUserSession(),
143		- $server->getConfig(),
144		- $server->getL10N($c->getAppName()));
145		- });
146		-
147		- $container->registerService('Session',
148		- function (IAppContainer $c) {
149		- $server = $c->getServer();
150		- return new Session($server->getSession());
151		- }
152		- );
153		-
154		- $container->registerService('KeyManager',
155		- function (IAppContainer $c) {
156		- $server = $c->getServer();
157		-
158		- return new KeyManager($server->getEncryptionKeyStorage(),
159		- $c->query('Crypt'),
160		- $server->getConfig(),
161		- $server->getUserSession(),
162		- new Session($server->getSession()),
163		- $server->getLogger(),
164		- $c->query('Util')
165		- );
166		- });
167		-
168		- $container->registerService('Recovery',
169		- function (IAppContainer $c) {
170		- $server = $c->getServer();
171		-
172		- return new Recovery(
173		- $server->getUserSession(),
174		- $c->query('Crypt'),
175		- $server->getSecureRandom(),
176		- $c->query('KeyManager'),
177		- $server->getConfig(),
178		- $server->getEncryptionKeyStorage(),
179		- $server->getEncryptionFilesHelper(),
180		- new View());
181		- });
182		-
183		- $container->registerService('RecoveryController', function (IAppContainer $c) {
184		- $server = $c->getServer();
185		- return new RecoveryController(
186		- $c->getAppName(),
187		- $server->getRequest(),
188		- $server->getConfig(),
189		- $server->getL10N($c->getAppName()),
190		- $c->query('Recovery'));
191		- });
192		-
193		- $container->registerService('StatusController', function (IAppContainer $c) {
194		- $server = $c->getServer();
195		- return new StatusController(
196		- $c->getAppName(),
197		- $server->getRequest(),
198		- $server->getL10N($c->getAppName()),
199		- $c->query('Session'),
200		- $server->getEncryptionManager()
201		- );
202		- });
203		-
204		- $container->registerService('SettingsController', function (IAppContainer $c) {
205		- $server = $c->getServer();
206		- return new SettingsController(
207		- $c->getAppName(),
208		- $server->getRequest(),
209		- $server->getL10N($c->getAppName()),
210		- $server->getUserManager(),
211		- $server->getUserSession(),
212		- $c->query('KeyManager'),
213		- $c->query('Crypt'),
214		- $c->query('Session'),
215		- $server->getSession(),
216		- $c->query('Util')
217		- );
218		- });
219		-
220		- $container->registerService('UserSetup',
221		- function (IAppContainer $c) {
222		- $server = $c->getServer();
223		- return new Setup($server->getLogger(),
224		- $server->getUserSession(),
225		- $c->query('Crypt'),
226		- $c->query('KeyManager'));
227		- });
228		-
229		- $container->registerService('Util',
230		- function (IAppContainer $c) {
231		- $server = $c->getServer();
232		-
233		- return new Util(
234		- new View(),
235		- $c->query('Crypt'),
236		- $server->getLogger(),
237		- $server->getUserSession(),
238		- $server->getConfig(),
239		- $server->getUserManager());
240		- });
241		-
242		- $container->registerService('EncryptAll',
243		- function (IAppContainer $c) {
244		- $server = $c->getServer();
245		- return new EncryptAll(
246		- $c->query('UserSetup'),
247		- $c->getServer()->getUserManager(),
248		- new View(),
249		- $c->query('KeyManager'),
250		- $c->query('Util'),
251		- $server->getConfig(),
252		- $server->getMailer(),
253		- $server->getL10N('encryption'),
254		- new QuestionHelper(),
255		- $server->getSecureRandom()
256		- );
257		- }
258		- );
259		-
260		- $container->registerService('DecryptAll',
261		- function (IAppContainer $c) {
262		- return new DecryptAll(
263		- $c->query('Util'),
264		- $c->query('KeyManager'),
265		- $c->query('Crypt'),
266		- $c->query('Session'),
267		- new QuestionHelper()
268		- );
269		- }
270		- );
271		-
272		- }
	51	+ /** @var IManager */
	52	+ private $encryptionManager;
	53	+ /** @var IConfig */
	54	+ private $config;
	55	+
	56	+ /**
	57	+ * @param array $urlParams
	58	+ * @param bool $encryptionSystemReady
	59	+ */
	60	+ public function __construct($urlParams = array(), $encryptionSystemReady = true) {
	61	+ parent::__construct('encryption', $urlParams);
	62	+ $this->encryptionManager = \OC::$server->getEncryptionManager();
	63	+ $this->config = \OC::$server->getConfig();
	64	+ $this->registerServices();
	65	+ if($encryptionSystemReady === false) {
	66	+ /** @var Session $session */
	67	+ $session = $this->getContainer()->query('Session');
	68	+ $session->setStatus(Session::RUN_MIGRATION);
	69	+ }
	70	+
	71	+ }
	72	+
	73	+ public function setUp() {
	74	+ if ($this->encryptionManager->isEnabled()) {
	75	+ /** @var Setup $setup */
	76	+ $setup = $this->getContainer()->query('UserSetup');
	77	+ $setup->setupSystem();
	78	+ }
	79	+ }
	80	+
	81	+ /**
	82	+ * register hooks
	83	+ */
	84	+ public function registerHooks() {
	85	+ if (!$this->config->getSystemValue('maintenance', false)) {
	86	+
	87	+ $container = $this->getContainer();
	88	+ $server = $container->getServer();
	89	+ // Register our hooks and fire them.
	90	+ $hookManager = new HookManager();
	91	+
	92	+ $hookManager->registerHook([
	93	+ new UserHooks($container->query('KeyManager'),
	94	+ $server->getUserManager(),
	95	+ $server->getLogger(),
	96	+ $container->query('UserSetup'),
	97	+ $server->getUserSession(),
	98	+ $container->query('Util'),
	99	+ $container->query('Session'),
	100	+ $container->query('Crypt'),
	101	+ $container->query('Recovery'))
	102	+ ]);
	103	+
	104	+ $hookManager->fireHooks();
	105	+
	106	+ } else {
	107	+ // Logout user if we are in maintenance to force re-login
	108	+ $this->getContainer()->getServer()->getUserSession()->logout();
	109	+ }
	110	+ }
	111	+
	112	+ public function registerEncryptionModule() {
	113	+ $container = $this->getContainer();
	114	+
	115	+
	116	+ $this->encryptionManager->registerEncryptionModule(
	117	+ Encryption::ID,
	118	+ Encryption::DISPLAY_NAME,
	119	+ function() use ($container) {
	120	+
	121	+ return new Encryption(
	122	+ $container->query('Crypt'),
	123	+ $container->query('KeyManager'),
	124	+ $container->query('Util'),
	125	+ $container->query('Session'),
	126	+ $container->query('EncryptAll'),
	127	+ $container->query('DecryptAll'),
	128	+ $container->getServer()->getLogger(),
	129	+ $container->getServer()->getL10N($container->getAppName())
	130	+ );
	131	+ });
	132	+
	133	+ }
	134	+
	135	+ public function registerServices() {
	136	+ $container = $this->getContainer();
	137	+
	138	+ $container->registerService('Crypt',
	139	+ function (IAppContainer $c) {
	140	+ $server = $c->getServer();
	141	+ return new Crypt($server->getLogger(),
	142	+ $server->getUserSession(),
	143	+ $server->getConfig(),
	144	+ $server->getL10N($c->getAppName()));
	145	+ });
	146	+
	147	+ $container->registerService('Session',
	148	+ function (IAppContainer $c) {
	149	+ $server = $c->getServer();
	150	+ return new Session($server->getSession());
	151	+ }
	152	+ );
	153	+
	154	+ $container->registerService('KeyManager',
	155	+ function (IAppContainer $c) {
	156	+ $server = $c->getServer();
	157	+
	158	+ return new KeyManager($server->getEncryptionKeyStorage(),
	159	+ $c->query('Crypt'),
	160	+ $server->getConfig(),
	161	+ $server->getUserSession(),
	162	+ new Session($server->getSession()),
	163	+ $server->getLogger(),
	164	+ $c->query('Util')
	165	+ );
	166	+ });
	167	+
	168	+ $container->registerService('Recovery',
	169	+ function (IAppContainer $c) {
	170	+ $server = $c->getServer();
	171	+
	172	+ return new Recovery(
	173	+ $server->getUserSession(),
	174	+ $c->query('Crypt'),
	175	+ $server->getSecureRandom(),
	176	+ $c->query('KeyManager'),
	177	+ $server->getConfig(),
	178	+ $server->getEncryptionKeyStorage(),
	179	+ $server->getEncryptionFilesHelper(),
	180	+ new View());
	181	+ });
	182	+
	183	+ $container->registerService('RecoveryController', function (IAppContainer $c) {
	184	+ $server = $c->getServer();
	185	+ return new RecoveryController(
	186	+ $c->getAppName(),
	187	+ $server->getRequest(),
	188	+ $server->getConfig(),
	189	+ $server->getL10N($c->getAppName()),
	190	+ $c->query('Recovery'));
	191	+ });
	192	+
	193	+ $container->registerService('StatusController', function (IAppContainer $c) {
	194	+ $server = $c->getServer();
	195	+ return new StatusController(
	196	+ $c->getAppName(),
	197	+ $server->getRequest(),
	198	+ $server->getL10N($c->getAppName()),
	199	+ $c->query('Session'),
	200	+ $server->getEncryptionManager()
	201	+ );
	202	+ });
	203	+
	204	+ $container->registerService('SettingsController', function (IAppContainer $c) {
	205	+ $server = $c->getServer();
	206	+ return new SettingsController(
	207	+ $c->getAppName(),
	208	+ $server->getRequest(),
	209	+ $server->getL10N($c->getAppName()),
	210	+ $server->getUserManager(),
	211	+ $server->getUserSession(),
	212	+ $c->query('KeyManager'),
	213	+ $c->query('Crypt'),
	214	+ $c->query('Session'),
	215	+ $server->getSession(),
	216	+ $c->query('Util')
	217	+ );
	218	+ });
	219	+
	220	+ $container->registerService('UserSetup',
	221	+ function (IAppContainer $c) {
	222	+ $server = $c->getServer();
	223	+ return new Setup($server->getLogger(),
	224	+ $server->getUserSession(),
	225	+ $c->query('Crypt'),
	226	+ $c->query('KeyManager'));
	227	+ });
	228	+
	229	+ $container->registerService('Util',
	230	+ function (IAppContainer $c) {
	231	+ $server = $c->getServer();
	232	+
	233	+ return new Util(
	234	+ new View(),
	235	+ $c->query('Crypt'),
	236	+ $server->getLogger(),
	237	+ $server->getUserSession(),
	238	+ $server->getConfig(),
	239	+ $server->getUserManager());
	240	+ });
	241	+
	242	+ $container->registerService('EncryptAll',
	243	+ function (IAppContainer $c) {
	244	+ $server = $c->getServer();
	245	+ return new EncryptAll(
	246	+ $c->query('UserSetup'),
	247	+ $c->getServer()->getUserManager(),
	248	+ new View(),
	249	+ $c->query('KeyManager'),
	250	+ $c->query('Util'),
	251	+ $server->getConfig(),
	252	+ $server->getMailer(),
	253	+ $server->getL10N('encryption'),
	254	+ new QuestionHelper(),
	255	+ $server->getSecureRandom()
	256	+ );
	257	+ }
	258	+ );
	259	+
	260	+ $container->registerService('DecryptAll',
	261	+ function (IAppContainer $c) {
	262	+ return new DecryptAll(
	263	+ $c->query('Util'),
	264	+ $c->query('KeyManager'),
	265	+ $c->query('Crypt'),
	266	+ $c->query('Session'),
	267	+ new QuestionHelper()
	268	+ );
	269	+ }
	270	+ );
	271	+
	272	+ }
273	273	}

nextcloud / server

Pull Request — master (#5174)

Status

Category

Indentation +681 added lines, -681 removed lines patch added patch discarded remove patch

Spacing +25 added lines, -25 removed lines patch added patch discarded remove patch

Indentation +974 added lines, -974 removed lines patch added patch discarded remove patch

Indentation +222 added lines, -222 removed lines patch added patch discarded remove patch