@@ -36,11 +36,11 @@ |
||
36 | 36 | // only legacy checkboxes (Advanced and Expert tab) need to be handled here, |
37 | 37 | // the Wizard-like tabs handle it on their own |
38 | 38 | $chkboxes = ['ldap_configuration_active', 'ldap_override_main_server', |
39 | - 'ldap_turn_off_cert_check']; |
|
39 | + 'ldap_turn_off_cert_check']; |
|
40 | 40 | foreach ($chkboxes as $boxid) { |
41 | - if (!isset($_POST[$boxid])) { |
|
42 | - $_POST[$boxid] = 0; |
|
43 | - } |
|
41 | + if (!isset($_POST[$boxid])) { |
|
42 | + $_POST[$boxid] = 0; |
|
43 | + } |
|
44 | 44 | } |
45 | 45 | |
46 | 46 | $ldapWrapper = new OCA\User_LDAP\LDAP(); |
@@ -30,7 +30,7 @@ |
||
30 | 30 | \OC_JSON::checkAppEnabled('user_ldap'); |
31 | 31 | \OC_JSON::callCheck(); |
32 | 32 | |
33 | -$prefix = (string)$_POST['ldap_serverconfig_chooser']; |
|
33 | +$prefix = (string) $_POST['ldap_serverconfig_chooser']; |
|
34 | 34 | |
35 | 35 | // Checkboxes are not submitted, when they are unchecked. Set them manually. |
36 | 36 | // only legacy checkboxes (Advanced and Expert tab) need to be handled here, |
@@ -39,13 +39,13 @@ |
||
39 | 39 | if (!isset($_POST['action'])) { |
40 | 40 | \OC_JSON::error(['message' => $l->t('No action specified')]); |
41 | 41 | } |
42 | -$action = (string)$_POST['action']; |
|
42 | +$action = (string) $_POST['action']; |
|
43 | 43 | |
44 | 44 | |
45 | 45 | if (!isset($_POST['ldap_serverconfig_chooser'])) { |
46 | 46 | \OC_JSON::error(['message' => $l->t('No configuration specified')]); |
47 | 47 | } |
48 | -$prefix = (string)$_POST['ldap_serverconfig_chooser']; |
|
48 | +$prefix = (string) $_POST['ldap_serverconfig_chooser']; |
|
49 | 49 | |
50 | 50 | $ldapWrapper = new \OCA\User_LDAP\LDAP(); |
51 | 51 | $configuration = new \OCA\User_LDAP\Configuration($prefix); |
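Review bot: Both `isset` guards (new lines 39–41 and 45–47) report an error but do not stop, so a request without `action` or `ldap_serverconfig_chooser` still reaches the `(string) $_POST[...]` casts and `new \OCA\User_LDAP\Configuration($prefix)` with an empty prefix. The switch later on this page follows every `\OC_JSON::error()` with `exit;`, which suggests `error()` does not terminate the request on its own. If that is the case, add `exit;` after each call, e.g. `\OC_JSON::error(['message' => $l->t('No action specified')]); exit;`. The same pattern appears in the next hunk (new lines 36–43).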
@@ -34,12 +34,12 @@ discard block |
||
34 | 34 | $l = \OC::$server->getL10N('user_ldap'); |
35 | 35 | |
36 | 36 | if (!isset($_POST['action'])) { |
37 | - \OC_JSON::error(['message' => $l->t('No action specified')]); |
|
37 | + \OC_JSON::error(['message' => $l->t('No action specified')]); |
|
38 | 38 | } |
39 | 39 | $action = (string)$_POST['action']; |
40 | 40 | |
41 | 41 | if (!isset($_POST['ldap_serverconfig_chooser'])) { |
42 | - \OC_JSON::error(['message' => $l->t('No configuration specified')]); |
|
42 | + \OC_JSON::error(['message' => $l->t('No configuration specified')]); |
|
43 | 43 | } |
44 | 44 | $prefix = (string)$_POST['ldap_serverconfig_chooser']; |
45 | 45 | |
@@ -57,79 +57,79 @@ discard block |
||
57 | 57 | $wizard = new \OCA\User_LDAP\Wizard($configuration, $ldapWrapper, $access); |
58 | 58 | |
59 | 59 | switch ($action) { |
60 | - case 'guessPortAndTLS': |
|
61 | - case 'guessBaseDN': |
|
62 | - case 'detectEmailAttribute': |
|
63 | - case 'detectUserDisplayNameAttribute': |
|
64 | - case 'determineGroupMemberAssoc': |
|
65 | - case 'determineUserObjectClasses': |
|
66 | - case 'determineGroupObjectClasses': |
|
67 | - case 'determineGroupsForUsers': |
|
68 | - case 'determineGroupsForGroups': |
|
69 | - case 'determineAttributes': |
|
70 | - case 'getUserListFilter': |
|
71 | - case 'getUserLoginFilter': |
|
72 | - case 'getGroupFilter': |
|
73 | - case 'countUsers': |
|
74 | - case 'countGroups': |
|
75 | - case 'countInBaseDN': |
|
76 | - try { |
|
77 | - $result = $wizard->$action(); |
|
78 | - if ($result !== false) { |
|
79 | - \OC_JSON::success($result->getResultArray()); |
|
80 | - exit; |
|
81 | - } |
|
82 | - } catch (\Exception $e) { |
|
83 | - \OC_JSON::error(['message' => $e->getMessage(), 'code' => $e->getCode()]); |
|
84 | - exit; |
|
85 | - } |
|
86 | - \OC_JSON::error(); |
|
87 | - exit; |
|
88 | - break; |
|
60 | + case 'guessPortAndTLS': |
|
61 | + case 'guessBaseDN': |
|
62 | + case 'detectEmailAttribute': |
|
63 | + case 'detectUserDisplayNameAttribute': |
|
64 | + case 'determineGroupMemberAssoc': |
|
65 | + case 'determineUserObjectClasses': |
|
66 | + case 'determineGroupObjectClasses': |
|
67 | + case 'determineGroupsForUsers': |
|
68 | + case 'determineGroupsForGroups': |
|
69 | + case 'determineAttributes': |
|
70 | + case 'getUserListFilter': |
|
71 | + case 'getUserLoginFilter': |
|
72 | + case 'getGroupFilter': |
|
73 | + case 'countUsers': |
|
74 | + case 'countGroups': |
|
75 | + case 'countInBaseDN': |
|
76 | + try { |
|
77 | + $result = $wizard->$action(); |
|
78 | + if ($result !== false) { |
|
79 | + \OC_JSON::success($result->getResultArray()); |
|
80 | + exit; |
|
81 | + } |
|
82 | + } catch (\Exception $e) { |
|
83 | + \OC_JSON::error(['message' => $e->getMessage(), 'code' => $e->getCode()]); |
|
84 | + exit; |
|
85 | + } |
|
86 | + \OC_JSON::error(); |
|
87 | + exit; |
|
88 | + break; |
|
89 | 89 | |
90 | - case 'testLoginName': { |
|
91 | - try { |
|
92 | - $loginName = $_POST['ldap_test_loginname']; |
|
93 | - $result = $wizard->$action($loginName); |
|
94 | - if ($result !== false) { |
|
95 | - \OC_JSON::success($result->getResultArray()); |
|
96 | - exit; |
|
97 | - } |
|
98 | - } catch (\Exception $e) { |
|
99 | - \OC_JSON::error(['message' => $e->getMessage()]); |
|
100 | - exit; |
|
101 | - } |
|
102 | - \OC_JSON::error(); |
|
103 | - exit; |
|
104 | - break; |
|
105 | - } |
|
90 | + case 'testLoginName': { |
|
91 | + try { |
|
92 | + $loginName = $_POST['ldap_test_loginname']; |
|
93 | + $result = $wizard->$action($loginName); |
|
94 | + if ($result !== false) { |
|
95 | + \OC_JSON::success($result->getResultArray()); |
|
96 | + exit; |
|
97 | + } |
|
98 | + } catch (\Exception $e) { |
|
99 | + \OC_JSON::error(['message' => $e->getMessage()]); |
|
100 | + exit; |
|
101 | + } |
|
102 | + \OC_JSON::error(); |
|
103 | + exit; |
|
104 | + break; |
|
105 | + } |
|
106 | 106 | |
107 | - case 'save': |
|
108 | - $key = isset($_POST['cfgkey']) ? $_POST['cfgkey'] : false; |
|
109 | - $val = isset($_POST['cfgval']) ? $_POST['cfgval'] : null; |
|
110 | - if ($key === false || is_null($val)) { |
|
111 | - \OC_JSON::error(['message' => $l->t('No data specified')]); |
|
112 | - exit; |
|
113 | - } |
|
114 | - if (is_array($key)) { |
|
115 | - \OC_JSON::error(['message' => $l->t('Invalid data specified')]); |
|
116 | - exit; |
|
117 | - } |
|
118 | - $cfg = [$key => $val]; |
|
119 | - $setParameters = []; |
|
120 | - $configuration->setConfiguration($cfg, $setParameters); |
|
121 | - if (!in_array($key, $setParameters)) { |
|
122 | - \OC_JSON::error(['message' => $l->t($key. |
|
123 | - ' Could not set configuration %s', $setParameters[0])]); |
|
124 | - exit; |
|
125 | - } |
|
126 | - $configuration->saveConfiguration(); |
|
127 | - //clear the cache on save |
|
128 | - $connection = new \OCA\User_LDAP\Connection($ldapWrapper, $prefix); |
|
129 | - $connection->clearCache(); |
|
130 | - \OC_JSON::success(); |
|
131 | - break; |
|
132 | - default: |
|
133 | - \OC_JSON::error(['message' => $l->t('Action does not exist')]); |
|
134 | - break; |
|
107 | + case 'save': |
|
108 | + $key = isset($_POST['cfgkey']) ? $_POST['cfgkey'] : false; |
|
109 | + $val = isset($_POST['cfgval']) ? $_POST['cfgval'] : null; |
|
110 | + if ($key === false || is_null($val)) { |
|
111 | + \OC_JSON::error(['message' => $l->t('No data specified')]); |
|
112 | + exit; |
|
113 | + } |
|
114 | + if (is_array($key)) { |
|
115 | + \OC_JSON::error(['message' => $l->t('Invalid data specified')]); |
|
116 | + exit; |
|
117 | + } |
|
118 | + $cfg = [$key => $val]; |
|
119 | + $setParameters = []; |
|
120 | + $configuration->setConfiguration($cfg, $setParameters); |
|
121 | + if (!in_array($key, $setParameters)) { |
|
122 | + \OC_JSON::error(['message' => $l->t($key. |
|
123 | + ' Could not set configuration %s', $setParameters[0])]); |
|
124 | + exit; |
|
125 | + } |
|
126 | + $configuration->saveConfiguration(); |
|
127 | + //clear the cache on save |
|
128 | + $connection = new \OCA\User_LDAP\Connection($ldapWrapper, $prefix); |
|
129 | + $connection->clearCache(); |
|
130 | + \OC_JSON::success(); |
|
131 | + break; |
|
132 | + default: |
|
133 | + \OC_JSON::error(['message' => $l->t('Action does not exist')]); |
|
134 | + break; |
|
135 | 135 | } |
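Review bot: In the `save` case (new lines 121–125) the failure message is built as `$l->t($key.' Could not set configuration %s', $setParameters[0])`, which concatenates the request-supplied `cfgkey` into the template string passed to `t()` and reads `$setParameters[0]` in the one branch where `$setParameters` may be empty. Keep the template constant and pass the key as the parameter instead: `\OC_JSON::error(['message' => $l->t('Could not set configuration %s', $key)]);`. Separately, the `testLoginName` case reads `$_POST['ldap_test_loginname']` without an `isset` check or a `(string)` cast, unlike `action` and `ldap_serverconfig_chooser` earlier in the file, so a missing or array-valued field is handed straight to the wizard.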
@@ -126,7 +126,7 @@ discard block |
||
126 | 126 | $encryptedRecoveryKey = $this->crypt->encryptPrivateKey($decryptedRecoveryKey, $newPassword); |
127 | 127 | $header = $this->crypt->generateHeader(); |
128 | 128 | if ($encryptedRecoveryKey) { |
129 | - $this->keyManager->setSystemPrivateKey($this->keyManager->getRecoveryKeyId(), $header . $encryptedRecoveryKey); |
|
129 | + $this->keyManager->setSystemPrivateKey($this->keyManager->getRecoveryKeyId(), $header.$encryptedRecoveryKey); |
|
130 | 130 | return true; |
131 | 131 | } |
132 | 132 | return false; |
@@ -187,9 +187,9 @@ discard block |
||
187 | 187 | $value); |
188 | 188 | |
189 | 189 | if ($value === '1') { |
190 | - $this->addRecoveryKeys('/' . $this->user->getUID() . '/files/'); |
|
190 | + $this->addRecoveryKeys('/'.$this->user->getUID().'/files/'); |
|
191 | 191 | } else { |
192 | - $this->removeRecoveryKeys('/' . $this->user->getUID() . '/files/'); |
|
192 | + $this->removeRecoveryKeys('/'.$this->user->getUID().'/files/'); |
|
193 | 193 | } |
194 | 194 | |
195 | 195 | return true; |
@@ -207,7 +207,7 @@ discard block |
||
207 | 207 | foreach ($dirContent as $item) { |
208 | 208 | $filePath = $item->getPath(); |
209 | 209 | if ($item['type'] === 'dir') { |
210 | - $this->addRecoveryKeys($filePath . '/'); |
|
210 | + $this->addRecoveryKeys($filePath.'/'); |
|
211 | 211 | } else { |
212 | 212 | $fileKey = $this->keyManager->getFileKey($filePath, $this->user->getUID()); |
213 | 213 | if (!empty($fileKey)) { |
@@ -235,7 +235,7 @@ discard block |
||
235 | 235 | foreach ($dirContent as $item) { |
236 | 236 | $filePath = $item->getPath(); |
237 | 237 | if ($item['type'] === 'dir') { |
238 | - $this->removeRecoveryKeys($filePath . '/'); |
|
238 | + $this->removeRecoveryKeys($filePath.'/'); |
|
239 | 239 | } else { |
240 | 240 | $this->keyManager->deleteShareKey($filePath, $this->keyManager->getRecoveryKeyId()); |
241 | 241 | } |
@@ -253,7 +253,7 @@ discard block |
||
253 | 253 | |
254 | 254 | $privateKey = $this->crypt->decryptPrivateKey($encryptedKey, $recoveryPassword); |
255 | 255 | if ($privateKey !== false) { |
256 | - $this->recoverAllFiles('/' . $user . '/files/', $privateKey, $user); |
|
256 | + $this->recoverAllFiles('/'.$user.'/files/', $privateKey, $user); |
|
257 | 257 | } |
258 | 258 | } |
259 | 259 | |
@@ -271,7 +271,7 @@ discard block |
||
271 | 271 | // Get relative path from encryption/keyfiles |
272 | 272 | $filePath = $item->getPath(); |
273 | 273 | if ($this->view->is_dir($filePath)) { |
274 | - $this->recoverAllFiles($filePath . '/', $privateKey, $uid); |
|
274 | + $this->recoverAllFiles($filePath.'/', $privateKey, $uid); |
|
275 | 275 | } else { |
276 | 276 | $this->recoverFile($filePath, $privateKey, $uid); |
277 | 277 | } |
@@ -37,274 +37,274 @@ |
||
37 | 37 | class Recovery { |
38 | 38 | |
39 | 39 | |
40 | - /** |
|
41 | - * @var null|IUser |
|
42 | - */ |
|
43 | - protected $user; |
|
44 | - /** |
|
45 | - * @var Crypt |
|
46 | - */ |
|
47 | - protected $crypt; |
|
48 | - /** |
|
49 | - * @var KeyManager |
|
50 | - */ |
|
51 | - private $keyManager; |
|
52 | - /** |
|
53 | - * @var IConfig |
|
54 | - */ |
|
55 | - private $config; |
|
56 | - /** |
|
57 | - * @var View |
|
58 | - */ |
|
59 | - private $view; |
|
60 | - /** |
|
61 | - * @var IFile |
|
62 | - */ |
|
63 | - private $file; |
|
64 | - |
|
65 | - /** |
|
66 | - * @param IUserSession $userSession |
|
67 | - * @param Crypt $crypt |
|
68 | - * @param KeyManager $keyManager |
|
69 | - * @param IConfig $config |
|
70 | - * @param IFile $file |
|
71 | - * @param View $view |
|
72 | - */ |
|
73 | - public function __construct(IUserSession $userSession, |
|
74 | - Crypt $crypt, |
|
75 | - KeyManager $keyManager, |
|
76 | - IConfig $config, |
|
77 | - IFile $file, |
|
78 | - View $view) { |
|
79 | - $this->user = ($userSession->isLoggedIn()) ? $userSession->getUser() : null; |
|
80 | - $this->crypt = $crypt; |
|
81 | - $this->keyManager = $keyManager; |
|
82 | - $this->config = $config; |
|
83 | - $this->view = $view; |
|
84 | - $this->file = $file; |
|
85 | - } |
|
86 | - |
|
87 | - /** |
|
88 | - * @param string $password |
|
89 | - * @return bool |
|
90 | - */ |
|
91 | - public function enableAdminRecovery($password) { |
|
92 | - $appConfig = $this->config; |
|
93 | - $keyManager = $this->keyManager; |
|
94 | - |
|
95 | - if (!$keyManager->recoveryKeyExists()) { |
|
96 | - $keyPair = $this->crypt->createKeyPair(); |
|
97 | - if (!is_array($keyPair)) { |
|
98 | - return false; |
|
99 | - } |
|
100 | - |
|
101 | - $this->keyManager->setRecoveryKey($password, $keyPair); |
|
102 | - } |
|
103 | - |
|
104 | - if ($keyManager->checkRecoveryPassword($password)) { |
|
105 | - $appConfig->setAppValue('encryption', 'recoveryAdminEnabled', 1); |
|
106 | - return true; |
|
107 | - } |
|
108 | - |
|
109 | - return false; |
|
110 | - } |
|
111 | - |
|
112 | - /** |
|
113 | - * change recovery key id |
|
114 | - * |
|
115 | - * @param string $newPassword |
|
116 | - * @param string $oldPassword |
|
117 | - * @return bool |
|
118 | - */ |
|
119 | - public function changeRecoveryKeyPassword($newPassword, $oldPassword) { |
|
120 | - $recoveryKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId()); |
|
121 | - $decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey, $oldPassword); |
|
122 | - if ($decryptedRecoveryKey === false) { |
|
123 | - return false; |
|
124 | - } |
|
125 | - $encryptedRecoveryKey = $this->crypt->encryptPrivateKey($decryptedRecoveryKey, $newPassword); |
|
126 | - $header = $this->crypt->generateHeader(); |
|
127 | - if ($encryptedRecoveryKey) { |
|
128 | - $this->keyManager->setSystemPrivateKey($this->keyManager->getRecoveryKeyId(), $header . $encryptedRecoveryKey); |
|
129 | - return true; |
|
130 | - } |
|
131 | - return false; |
|
132 | - } |
|
133 | - |
|
134 | - /** |
|
135 | - * @param string $recoveryPassword |
|
136 | - * @return bool |
|
137 | - */ |
|
138 | - public function disableAdminRecovery($recoveryPassword) { |
|
139 | - $keyManager = $this->keyManager; |
|
140 | - |
|
141 | - if ($keyManager->checkRecoveryPassword($recoveryPassword)) { |
|
142 | - // Set recoveryAdmin as disabled |
|
143 | - $this->config->setAppValue('encryption', 'recoveryAdminEnabled', 0); |
|
144 | - return true; |
|
145 | - } |
|
146 | - return false; |
|
147 | - } |
|
148 | - |
|
149 | - /** |
|
150 | - * check if recovery is enabled for user |
|
151 | - * |
|
152 | - * @param string $user if no user is given we check the current logged-in user |
|
153 | - * |
|
154 | - * @return bool |
|
155 | - */ |
|
156 | - public function isRecoveryEnabledForUser($user = '') { |
|
157 | - $uid = $user === '' ? $this->user->getUID() : $user; |
|
158 | - $recoveryMode = $this->config->getUserValue($uid, |
|
159 | - 'encryption', |
|
160 | - 'recoveryEnabled', |
|
161 | - 0); |
|
162 | - |
|
163 | - return ($recoveryMode === '1'); |
|
164 | - } |
|
165 | - |
|
166 | - /** |
|
167 | - * check if recovery is key is enabled by the administrator |
|
168 | - * |
|
169 | - * @return bool |
|
170 | - */ |
|
171 | - public function isRecoveryKeyEnabled() { |
|
172 | - $enabled = $this->config->getAppValue('encryption', 'recoveryAdminEnabled', 0); |
|
173 | - |
|
174 | - return ($enabled === '1'); |
|
175 | - } |
|
176 | - |
|
177 | - /** |
|
178 | - * @param string $value |
|
179 | - * @return bool |
|
180 | - */ |
|
181 | - public function setRecoveryForUser($value) { |
|
182 | - try { |
|
183 | - $this->config->setUserValue($this->user->getUID(), |
|
184 | - 'encryption', |
|
185 | - 'recoveryEnabled', |
|
186 | - $value); |
|
187 | - |
|
188 | - if ($value === '1') { |
|
189 | - $this->addRecoveryKeys('/' . $this->user->getUID() . '/files/'); |
|
190 | - } else { |
|
191 | - $this->removeRecoveryKeys('/' . $this->user->getUID() . '/files/'); |
|
192 | - } |
|
193 | - |
|
194 | - return true; |
|
195 | - } catch (PreConditionNotMetException $e) { |
|
196 | - return false; |
|
197 | - } |
|
198 | - } |
|
199 | - |
|
200 | - /** |
|
201 | - * add recovery key to all encrypted files |
|
202 | - * @param string $path |
|
203 | - */ |
|
204 | - private function addRecoveryKeys($path) { |
|
205 | - $dirContent = $this->view->getDirectoryContent($path); |
|
206 | - foreach ($dirContent as $item) { |
|
207 | - $filePath = $item->getPath(); |
|
208 | - if ($item['type'] === 'dir') { |
|
209 | - $this->addRecoveryKeys($filePath . '/'); |
|
210 | - } else { |
|
211 | - $fileKey = $this->keyManager->getFileKey($filePath, $this->user->getUID()); |
|
212 | - if (!empty($fileKey)) { |
|
213 | - $accessList = $this->file->getAccessList($filePath); |
|
214 | - $publicKeys = []; |
|
215 | - foreach ($accessList['users'] as $uid) { |
|
216 | - $publicKeys[$uid] = $this->keyManager->getPublicKey($uid); |
|
217 | - } |
|
218 | - |
|
219 | - $publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $this->user->getUID()); |
|
220 | - |
|
221 | - $encryptedKeyfiles = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys); |
|
222 | - $this->keyManager->setAllFileKeys($filePath, $encryptedKeyfiles); |
|
223 | - } |
|
224 | - } |
|
225 | - } |
|
226 | - } |
|
227 | - |
|
228 | - /** |
|
229 | - * remove recovery key to all encrypted files |
|
230 | - * @param string $path |
|
231 | - */ |
|
232 | - private function removeRecoveryKeys($path) { |
|
233 | - $dirContent = $this->view->getDirectoryContent($path); |
|
234 | - foreach ($dirContent as $item) { |
|
235 | - $filePath = $item->getPath(); |
|
236 | - if ($item['type'] === 'dir') { |
|
237 | - $this->removeRecoveryKeys($filePath . '/'); |
|
238 | - } else { |
|
239 | - $this->keyManager->deleteShareKey($filePath, $this->keyManager->getRecoveryKeyId()); |
|
240 | - } |
|
241 | - } |
|
242 | - } |
|
243 | - |
|
244 | - /** |
|
245 | - * recover users files with the recovery key |
|
246 | - * |
|
247 | - * @param string $recoveryPassword |
|
248 | - * @param string $user |
|
249 | - */ |
|
250 | - public function recoverUsersFiles($recoveryPassword, $user) { |
|
251 | - $encryptedKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId()); |
|
252 | - |
|
253 | - $privateKey = $this->crypt->decryptPrivateKey($encryptedKey, $recoveryPassword); |
|
254 | - if ($privateKey !== false) { |
|
255 | - $this->recoverAllFiles('/' . $user . '/files/', $privateKey, $user); |
|
256 | - } |
|
257 | - } |
|
258 | - |
|
259 | - /** |
|
260 | - * recover users files |
|
261 | - * |
|
262 | - * @param string $path |
|
263 | - * @param string $privateKey |
|
264 | - * @param string $uid |
|
265 | - */ |
|
266 | - private function recoverAllFiles($path, $privateKey, $uid) { |
|
267 | - $dirContent = $this->view->getDirectoryContent($path); |
|
268 | - |
|
269 | - foreach ($dirContent as $item) { |
|
270 | - // Get relative path from encryption/keyfiles |
|
271 | - $filePath = $item->getPath(); |
|
272 | - if ($this->view->is_dir($filePath)) { |
|
273 | - $this->recoverAllFiles($filePath . '/', $privateKey, $uid); |
|
274 | - } else { |
|
275 | - $this->recoverFile($filePath, $privateKey, $uid); |
|
276 | - } |
|
277 | - } |
|
278 | - } |
|
279 | - |
|
280 | - /** |
|
281 | - * recover file |
|
282 | - * |
|
283 | - * @param string $path |
|
284 | - * @param string $privateKey |
|
285 | - * @param string $uid |
|
286 | - */ |
|
287 | - private function recoverFile($path, $privateKey, $uid) { |
|
288 | - $encryptedFileKey = $this->keyManager->getEncryptedFileKey($path); |
|
289 | - $shareKey = $this->keyManager->getShareKey($path, $this->keyManager->getRecoveryKeyId()); |
|
290 | - |
|
291 | - if ($encryptedFileKey && $shareKey && $privateKey) { |
|
292 | - $fileKey = $this->crypt->multiKeyDecrypt($encryptedFileKey, |
|
293 | - $shareKey, |
|
294 | - $privateKey); |
|
295 | - } |
|
296 | - |
|
297 | - if (!empty($fileKey)) { |
|
298 | - $accessList = $this->file->getAccessList($path); |
|
299 | - $publicKeys = []; |
|
300 | - foreach ($accessList['users'] as $user) { |
|
301 | - $publicKeys[$user] = $this->keyManager->getPublicKey($user); |
|
302 | - } |
|
303 | - |
|
304 | - $publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $uid); |
|
305 | - |
|
306 | - $encryptedKeyfiles = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys); |
|
307 | - $this->keyManager->setAllFileKeys($path, $encryptedKeyfiles); |
|
308 | - } |
|
309 | - } |
|
40 | + /** |
|
41 | + * @var null|IUser |
|
42 | + */ |
|
43 | + protected $user; |
|
44 | + /** |
|
45 | + * @var Crypt |
|
46 | + */ |
|
47 | + protected $crypt; |
|
48 | + /** |
|
49 | + * @var KeyManager |
|
50 | + */ |
|
51 | + private $keyManager; |
|
52 | + /** |
|
53 | + * @var IConfig |
|
54 | + */ |
|
55 | + private $config; |
|
56 | + /** |
|
57 | + * @var View |
|
58 | + */ |
|
59 | + private $view; |
|
60 | + /** |
|
61 | + * @var IFile |
|
62 | + */ |
|
63 | + private $file; |
|
64 | + |
|
65 | + /** |
|
66 | + * @param IUserSession $userSession |
|
67 | + * @param Crypt $crypt |
|
68 | + * @param KeyManager $keyManager |
|
69 | + * @param IConfig $config |
|
70 | + * @param IFile $file |
|
71 | + * @param View $view |
|
72 | + */ |
|
73 | + public function __construct(IUserSession $userSession, |
|
74 | + Crypt $crypt, |
|
75 | + KeyManager $keyManager, |
|
76 | + IConfig $config, |
|
77 | + IFile $file, |
|
78 | + View $view) { |
|
79 | + $this->user = ($userSession->isLoggedIn()) ? $userSession->getUser() : null; |
|
80 | + $this->crypt = $crypt; |
|
81 | + $this->keyManager = $keyManager; |
|
82 | + $this->config = $config; |
|
83 | + $this->view = $view; |
|
84 | + $this->file = $file; |
|
85 | + } |
|
86 | + |
|
87 | + /** |
|
88 | + * @param string $password |
|
89 | + * @return bool |
|
90 | + */ |
|
91 | + public function enableAdminRecovery($password) { |
|
92 | + $appConfig = $this->config; |
|
93 | + $keyManager = $this->keyManager; |
|
94 | + |
|
95 | + if (!$keyManager->recoveryKeyExists()) { |
|
96 | + $keyPair = $this->crypt->createKeyPair(); |
|
97 | + if (!is_array($keyPair)) { |
|
98 | + return false; |
|
99 | + } |
|
100 | + |
|
101 | + $this->keyManager->setRecoveryKey($password, $keyPair); |
|
102 | + } |
|
103 | + |
|
104 | + if ($keyManager->checkRecoveryPassword($password)) { |
|
105 | + $appConfig->setAppValue('encryption', 'recoveryAdminEnabled', 1); |
|
106 | + return true; |
|
107 | + } |
|
108 | + |
|
109 | + return false; |
|
110 | + } |
|
111 | + |
|
112 | + /** |
|
113 | + * change recovery key id |
|
114 | + * |
|
115 | + * @param string $newPassword |
|
116 | + * @param string $oldPassword |
|
117 | + * @return bool |
|
118 | + */ |
|
119 | + public function changeRecoveryKeyPassword($newPassword, $oldPassword) { |
|
120 | + $recoveryKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId()); |
|
121 | + $decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey, $oldPassword); |
|
122 | + if ($decryptedRecoveryKey === false) { |
|
123 | + return false; |
|
124 | + } |
|
125 | + $encryptedRecoveryKey = $this->crypt->encryptPrivateKey($decryptedRecoveryKey, $newPassword); |
|
126 | + $header = $this->crypt->generateHeader(); |
|
127 | + if ($encryptedRecoveryKey) { |
|
128 | + $this->keyManager->setSystemPrivateKey($this->keyManager->getRecoveryKeyId(), $header . $encryptedRecoveryKey); |
|
129 | + return true; |
|
130 | + } |
|
131 | + return false; |
|
132 | + } |
|
133 | + |
|
134 | + /** |
|
135 | + * @param string $recoveryPassword |
|
136 | + * @return bool |
|
137 | + */ |
|
138 | + public function disableAdminRecovery($recoveryPassword) { |
|
139 | + $keyManager = $this->keyManager; |
|
140 | + |
|
141 | + if ($keyManager->checkRecoveryPassword($recoveryPassword)) { |
|
142 | + // Set recoveryAdmin as disabled |
|
143 | + $this->config->setAppValue('encryption', 'recoveryAdminEnabled', 0); |
|
144 | + return true; |
|
145 | + } |
|
146 | + return false; |
|
147 | + } |
|
148 | + |
|
149 | + /** |
|
150 | + * check if recovery is enabled for user |
|
151 | + * |
|
152 | + * @param string $user if no user is given we check the current logged-in user |
|
153 | + * |
|
154 | + * @return bool |
|
155 | + */ |
|
156 | + public function isRecoveryEnabledForUser($user = '') { |
|
157 | + $uid = $user === '' ? $this->user->getUID() : $user; |
|
158 | + $recoveryMode = $this->config->getUserValue($uid, |
|
159 | + 'encryption', |
|
160 | + 'recoveryEnabled', |
|
161 | + 0); |
|
162 | + |
|
163 | + return ($recoveryMode === '1'); |
|
164 | + } |
|
165 | + |
|
166 | + /** |
|
167 | + * check if recovery is key is enabled by the administrator |
|
168 | + * |
|
169 | + * @return bool |
|
170 | + */ |
|
171 | + public function isRecoveryKeyEnabled() { |
|
172 | + $enabled = $this->config->getAppValue('encryption', 'recoveryAdminEnabled', 0); |
|
173 | + |
|
174 | + return ($enabled === '1'); |
|
175 | + } |
|
176 | + |
|
177 | + /** |
|
178 | + * @param string $value |
|
179 | + * @return bool |
|
180 | + */ |
|
181 | + public function setRecoveryForUser($value) { |
|
182 | + try { |
|
183 | + $this->config->setUserValue($this->user->getUID(), |
|
184 | + 'encryption', |
|
185 | + 'recoveryEnabled', |
|
186 | + $value); |
|
187 | + |
|
188 | + if ($value === '1') { |
|
189 | + $this->addRecoveryKeys('/' . $this->user->getUID() . '/files/'); |
|
190 | + } else { |
|
191 | + $this->removeRecoveryKeys('/' . $this->user->getUID() . '/files/'); |
|
192 | + } |
|
193 | + |
|
194 | + return true; |
|
195 | + } catch (PreConditionNotMetException $e) { |
|
196 | + return false; |
|
197 | + } |
|
198 | + } |
|
199 | + |
|
200 | + /** |
|
201 | + * add recovery key to all encrypted files |
|
202 | + * @param string $path |
|
203 | + */ |
|
204 | + private function addRecoveryKeys($path) { |
|
205 | + $dirContent = $this->view->getDirectoryContent($path); |
|
206 | + foreach ($dirContent as $item) { |
|
207 | + $filePath = $item->getPath(); |
|
208 | + if ($item['type'] === 'dir') { |
|
209 | + $this->addRecoveryKeys($filePath . '/'); |
|
210 | + } else { |
|
211 | + $fileKey = $this->keyManager->getFileKey($filePath, $this->user->getUID()); |
|
212 | + if (!empty($fileKey)) { |
|
213 | + $accessList = $this->file->getAccessList($filePath); |
|
214 | + $publicKeys = []; |
|
215 | + foreach ($accessList['users'] as $uid) { |
|
216 | + $publicKeys[$uid] = $this->keyManager->getPublicKey($uid); |
|
217 | + } |
|
218 | + |
|
219 | + $publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $this->user->getUID()); |
|
220 | + |
|
221 | + $encryptedKeyfiles = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys); |
|
222 | + $this->keyManager->setAllFileKeys($filePath, $encryptedKeyfiles); |
|
223 | + } |
|
224 | + } |
|
225 | + } |
|
226 | + } |
|
227 | + |
|
228 | + /** |
|
229 | + * remove recovery key to all encrypted files |
|
230 | + * @param string $path |
|
231 | + */ |
|
232 | + private function removeRecoveryKeys($path) { |
|
233 | + $dirContent = $this->view->getDirectoryContent($path); |
|
234 | + foreach ($dirContent as $item) { |
|
235 | + $filePath = $item->getPath(); |
|
236 | + if ($item['type'] === 'dir') { |
|
237 | + $this->removeRecoveryKeys($filePath . '/'); |
|
238 | + } else { |
|
239 | + $this->keyManager->deleteShareKey($filePath, $this->keyManager->getRecoveryKeyId()); |
|
240 | + } |
|
241 | + } |
|
242 | + } |
|
243 | + |
|
244 | + /** |
|
245 | + * recover users files with the recovery key |
|
246 | + * |
|
247 | + * @param string $recoveryPassword |
|
248 | + * @param string $user |
|
249 | + */ |
|
250 | + public function recoverUsersFiles($recoveryPassword, $user) { |
|
251 | + $encryptedKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId()); |
|
252 | + |
|
253 | + $privateKey = $this->crypt->decryptPrivateKey($encryptedKey, $recoveryPassword); |
|
254 | + if ($privateKey !== false) { |
|
255 | + $this->recoverAllFiles('/' . $user . '/files/', $privateKey, $user); |
|
256 | + } |
|
257 | + } |
|
258 | + |
|
259 | + /** |
|
260 | + * recover users files |
|
261 | + * |
|
262 | + * @param string $path |
|
263 | + * @param string $privateKey |
|
264 | + * @param string $uid |
|
265 | + */ |
|
266 | + private function recoverAllFiles($path, $privateKey, $uid) { |
|
267 | + $dirContent = $this->view->getDirectoryContent($path); |
|
268 | + |
|
269 | + foreach ($dirContent as $item) { |
|
270 | + // Get relative path from encryption/keyfiles |
|
271 | + $filePath = $item->getPath(); |
|
272 | + if ($this->view->is_dir($filePath)) { |
|
273 | + $this->recoverAllFiles($filePath . '/', $privateKey, $uid); |
|
274 | + } else { |
|
275 | + $this->recoverFile($filePath, $privateKey, $uid); |
|
276 | + } |
|
277 | + } |
|
278 | + } |
|
279 | + |
|
280 | + /** |
|
281 | + * recover file |
|
282 | + * |
|
283 | + * @param string $path |
|
284 | + * @param string $privateKey |
|
285 | + * @param string $uid |
|
286 | + */ |
|
287 | + private function recoverFile($path, $privateKey, $uid) { |
|
288 | + $encryptedFileKey = $this->keyManager->getEncryptedFileKey($path); |
|
289 | + $shareKey = $this->keyManager->getShareKey($path, $this->keyManager->getRecoveryKeyId()); |
|
290 | + |
|
291 | + if ($encryptedFileKey && $shareKey && $privateKey) { |
|
292 | + $fileKey = $this->crypt->multiKeyDecrypt($encryptedFileKey, |
|
293 | + $shareKey, |
|
294 | + $privateKey); |
|
295 | + } |
|
296 | + |
|
297 | + if (!empty($fileKey)) { |
|
298 | + $accessList = $this->file->getAccessList($path); |
|
299 | + $publicKeys = []; |
|
300 | + foreach ($accessList['users'] as $user) { |
|
301 | + $publicKeys[$user] = $this->keyManager->getPublicKey($user); |
|
302 | + } |
|
303 | + |
|
304 | + $publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $uid); |
|
305 | + |
|
306 | + $encryptedKeyfiles = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys); |
|
307 | + $this->keyManager->setAllFileKeys($path, $encryptedKeyfiles); |
|
308 | + } |
|
309 | + } |
|
310 | 310 | } |
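Review bot: `setRecoveryForUser()` (new lines 181–198) stores `recoveryEnabled` before it walks the tree in `addRecoveryKeys()`/`removeRecoveryKeys()`, and only `PreConditionNotMetException` is caught. Any other failure part-way through therefore leaves the flag and the per-file recovery share keys out of step; after a failed disable, files could still carry a share key for the recovery key while the setting reads as off. Consider writing the flag only after the walk succeeds, or at least recording it with `// NOTE: flag is persisted before keys are updated; a failed walk leaves recovery share keys inconsistent with this setting`. Any `$value` other than the string `'1'` takes the removal branch, which deserves a line in the docblock. Also, `$this->user` is null when no session is logged in (constructor, new line 79), yet `isRecoveryEnabledForUser('')`, `setRecoveryForUser()` and `addRecoveryKeys()` call `$this->user->getUID()` without a check.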
@@ -87,9 +87,9 @@ |
||
87 | 87 | private function getLegacyForms() { |
88 | 88 | $forms = \OC_App::getForms('admin'); |
89 | 89 | |
90 | - $forms = array_map(function ($form) { |
|
90 | + $forms = array_map(function($form) { |
|
91 | 91 | if (preg_match('%(<h2(?P<class>[^>]*)>.*?</h2>)%i', $form, $regs)) { |
92 | - $sectionName = str_replace('<h2' . $regs['class'] . '>', '', $regs[0]); |
|
92 | + $sectionName = str_replace('<h2'.$regs['class'].'>', '', $regs[0]); |
|
93 | 93 | $sectionName = str_replace('</h2>', '', $sectionName); |
94 | 94 | $anchor = strtolower($sectionName); |
95 | 95 | $anchor = str_replace(' ', '-', $anchor); |
@@ -38,83 +38,83 @@ |
||
38 | 38 | use OCP\Template; |
39 | 39 | |
40 | 40 | class AdminSettingsController extends Controller { |
41 | - use CommonSettingsTrait; |
|
41 | + use CommonSettingsTrait; |
|
42 | 42 | |
43 | - public function __construct( |
|
44 | - $appName, |
|
45 | - IRequest $request, |
|
46 | - INavigationManager $navigationManager, |
|
47 | - ISettingsManager $settingsManager, |
|
48 | - IUserSession $userSession, |
|
49 | - IGroupManager $groupManager, |
|
50 | - ISubAdmin $subAdmin |
|
51 | - ) { |
|
52 | - parent::__construct($appName, $request); |
|
53 | - $this->navigationManager = $navigationManager; |
|
54 | - $this->settingsManager = $settingsManager; |
|
55 | - $this->userSession = $userSession; |
|
56 | - $this->groupManager = $groupManager; |
|
57 | - $this->subAdmin = $subAdmin; |
|
58 | - } |
|
43 | + public function __construct( |
|
44 | + $appName, |
|
45 | + IRequest $request, |
|
46 | + INavigationManager $navigationManager, |
|
47 | + ISettingsManager $settingsManager, |
|
48 | + IUserSession $userSession, |
|
49 | + IGroupManager $groupManager, |
|
50 | + ISubAdmin $subAdmin |
|
51 | + ) { |
|
52 | + parent::__construct($appName, $request); |
|
53 | + $this->navigationManager = $navigationManager; |
|
54 | + $this->settingsManager = $settingsManager; |
|
55 | + $this->userSession = $userSession; |
|
56 | + $this->groupManager = $groupManager; |
|
57 | + $this->subAdmin = $subAdmin; |
|
58 | + } |
|
59 | 59 | |
60 | - /** |
|
61 | - * @NoCSRFRequired |
|
62 | - * @NoAdminRequired |
|
63 | - * @NoSubAdminRequired |
|
64 | - * We are checking the permissions in the getSettings method. If there is no allowed |
|
65 | - * settings for the given section. The user will be gretted by an error message. |
|
66 | - */ |
|
67 | - public function index(string $section): TemplateResponse { |
|
68 | - return $this->getIndexResponse('admin', $section); |
|
69 | - } |
|
60 | + /** |
|
61 | + * @NoCSRFRequired |
|
62 | + * @NoAdminRequired |
|
63 | + * @NoSubAdminRequired |
|
64 | + * We are checking the permissions in the getSettings method. If there is no allowed |
|
65 | + * settings for the given section. The user will be gretted by an error message. |
|
66 | + */ |
|
67 | + public function index(string $section): TemplateResponse { |
|
68 | + return $this->getIndexResponse('admin', $section); |
|
69 | + } |
|
70 | 70 | |
71 | - /** |
|
72 | - * @param string $section |
|
73 | - * @return array |
|
74 | - */ |
|
75 | - protected function getSettings($section) { |
|
76 | - /** @var IUser $user */ |
|
77 | - $user = $this->userSession->getUser(); |
|
78 | - $isSubAdmin = !$this->groupManager->isAdmin($user->getUID()) && $this->subAdmin->isSubAdmin($user); |
|
79 | - $settings = $this->settingsManager->getAllowedAdminSettings($section, $user); |
|
80 | - if (empty($settings)) { |
|
81 | - throw new NotAdminException("Logged in user doesn't have permission to access these settings."); |
|
82 | - } |
|
83 | - $formatted = $this->formatSettings($settings); |
|
84 | - // Do not show legacy forms for sub admins |
|
85 | - if ($section === 'additional' && !$isSubAdmin) { |
|
86 | - $formatted['content'] .= $this->getLegacyForms(); |
|
87 | - } |
|
88 | - return $formatted; |
|
89 | - } |
|
71 | + /** |
|
72 | + * @param string $section |
|
73 | + * @return array |
|
74 | + */ |
|
75 | + protected function getSettings($section) { |
|
76 | + /** @var IUser $user */ |
|
77 | + $user = $this->userSession->getUser(); |
|
78 | + $isSubAdmin = !$this->groupManager->isAdmin($user->getUID()) && $this->subAdmin->isSubAdmin($user); |
|
79 | + $settings = $this->settingsManager->getAllowedAdminSettings($section, $user); |
|
80 | + if (empty($settings)) { |
|
81 | + throw new NotAdminException("Logged in user doesn't have permission to access these settings."); |
|
82 | + } |
|
83 | + $formatted = $this->formatSettings($settings); |
|
84 | + // Do not show legacy forms for sub admins |
|
85 | + if ($section === 'additional' && !$isSubAdmin) { |
|
86 | + $formatted['content'] .= $this->getLegacyForms(); |
|
87 | + } |
|
88 | + return $formatted; |
|
89 | + } |
|
90 | 90 | |
91 | - /** |
|
92 | - * @return bool|string |
|
93 | - */ |
|
94 | - private function getLegacyForms() { |
|
95 | - $forms = \OC_App::getForms('admin'); |
|
91 | + /** |
|
92 | + * @return bool|string |
|
93 | + */ |
|
94 | + private function getLegacyForms() { |
|
95 | + $forms = \OC_App::getForms('admin'); |
|
96 | 96 | |
97 | - $forms = array_map(function ($form) { |
|
98 | - if (preg_match('%(<h2(?P<class>[^>]*)>.*?</h2>)%i', $form, $regs)) { |
|
99 | - $sectionName = str_replace('<h2' . $regs['class'] . '>', '', $regs[0]); |
|
100 | - $sectionName = str_replace('</h2>', '', $sectionName); |
|
101 | - $anchor = strtolower($sectionName); |
|
102 | - $anchor = str_replace(' ', '-', $anchor); |
|
97 | + $forms = array_map(function ($form) { |
|
98 | + if (preg_match('%(<h2(?P<class>[^>]*)>.*?</h2>)%i', $form, $regs)) { |
|
99 | + $sectionName = str_replace('<h2' . $regs['class'] . '>', '', $regs[0]); |
|
100 | + $sectionName = str_replace('</h2>', '', $sectionName); |
|
101 | + $anchor = strtolower($sectionName); |
|
102 | + $anchor = str_replace(' ', '-', $anchor); |
|
103 | 103 | |
104 | - return [ |
|
105 | - 'anchor' => $anchor, |
|
106 | - 'section-name' => $sectionName, |
|
107 | - 'form' => $form |
|
108 | - ]; |
|
109 | - } |
|
110 | - return [ |
|
111 | - 'form' => $form |
|
112 | - ]; |
|
113 | - }, $forms); |
|
104 | + return [ |
|
105 | + 'anchor' => $anchor, |
|
106 | + 'section-name' => $sectionName, |
|
107 | + 'form' => $form |
|
108 | + ]; |
|
109 | + } |
|
110 | + return [ |
|
111 | + 'form' => $form |
|
112 | + ]; |
|
113 | + }, $forms); |
|
114 | 114 | |
115 | - $out = new Template('settings', 'settings/additional'); |
|
116 | - $out->assign('forms', $forms); |
|
115 | + $out = new Template('settings', 'settings/additional'); |
|
116 | + $out->assign('forms', $forms); |
|
117 | 117 | |
118 | - return $out->fetchPage(); |
|
119 | - } |
|
118 | + return $out->fetchPage(); |
|
119 | + } |
|
120 | 120 | } |
@@ -79,9 +79,9 @@ |
||
79 | 79 | private function getLegacyForms() { |
80 | 80 | $forms = \OC_App::getForms('personal'); |
81 | 81 | |
82 | - $forms = array_map(function ($form) { |
|
82 | + $forms = array_map(function($form) { |
|
83 | 83 | if (preg_match('%(<h2(?P<class>[^>]*)>.*?</h2>)%i', $form, $regs)) { |
84 | - $sectionName = str_replace('<h2' . $regs['class'] . '>', '', $regs[0]); |
|
84 | + $sectionName = str_replace('<h2'.$regs['class'].'>', '', $regs[0]); |
|
85 | 85 | $sectionName = str_replace('</h2>', '', $sectionName); |
86 | 86 | $anchor = strtolower($sectionName); |
87 | 87 | $anchor = str_replace(' ', '-', $anchor); |
@@ -36,74 +36,74 @@ |
||
36 | 36 | use OCP\Template; |
37 | 37 | |
38 | 38 | class PersonalSettingsController extends Controller { |
39 | - use CommonSettingsTrait; |
|
39 | + use CommonSettingsTrait; |
|
40 | 40 | |
41 | - public function __construct( |
|
42 | - $appName, |
|
43 | - IRequest $request, |
|
44 | - INavigationManager $navigationManager, |
|
45 | - ISettingsManager $settingsManager, |
|
46 | - IUserSession $userSession, |
|
47 | - IGroupManager $groupManager, |
|
48 | - ISubAdmin $subAdmin |
|
49 | - ) { |
|
50 | - parent::__construct($appName, $request); |
|
51 | - $this->navigationManager = $navigationManager; |
|
52 | - $this->settingsManager = $settingsManager; |
|
53 | - $this->userSession = $userSession; |
|
54 | - $this->subAdmin = $subAdmin; |
|
55 | - $this->groupManager = $groupManager; |
|
56 | - } |
|
41 | + public function __construct( |
|
42 | + $appName, |
|
43 | + IRequest $request, |
|
44 | + INavigationManager $navigationManager, |
|
45 | + ISettingsManager $settingsManager, |
|
46 | + IUserSession $userSession, |
|
47 | + IGroupManager $groupManager, |
|
48 | + ISubAdmin $subAdmin |
|
49 | + ) { |
|
50 | + parent::__construct($appName, $request); |
|
51 | + $this->navigationManager = $navigationManager; |
|
52 | + $this->settingsManager = $settingsManager; |
|
53 | + $this->userSession = $userSession; |
|
54 | + $this->subAdmin = $subAdmin; |
|
55 | + $this->groupManager = $groupManager; |
|
56 | + } |
|
57 | 57 | |
58 | - /** |
|
59 | - * @NoCSRFRequired |
|
60 | - * @NoAdminRequired |
|
61 | - * @NoSubAdminRequired |
|
62 | - */ |
|
63 | - public function index(string $section): TemplateResponse { |
|
64 | - return $this->getIndexResponse('personal', $section); |
|
65 | - } |
|
58 | + /** |
|
59 | + * @NoCSRFRequired |
|
60 | + * @NoAdminRequired |
|
61 | + * @NoSubAdminRequired |
|
62 | + */ |
|
63 | + public function index(string $section): TemplateResponse { |
|
64 | + return $this->getIndexResponse('personal', $section); |
|
65 | + } |
|
66 | 66 | |
67 | - /** |
|
68 | - * @param string $section |
|
69 | - * @return array |
|
70 | - */ |
|
71 | - protected function getSettings($section) { |
|
72 | - $settings = $this->settingsManager->getPersonalSettings($section); |
|
73 | - $formatted = $this->formatSettings($settings); |
|
74 | - if ($section === 'additional') { |
|
75 | - $formatted['content'] .= $this->getLegacyForms(); |
|
76 | - } |
|
77 | - return $formatted; |
|
78 | - } |
|
67 | + /** |
|
68 | + * @param string $section |
|
69 | + * @return array |
|
70 | + */ |
|
71 | + protected function getSettings($section) { |
|
72 | + $settings = $this->settingsManager->getPersonalSettings($section); |
|
73 | + $formatted = $this->formatSettings($settings); |
|
74 | + if ($section === 'additional') { |
|
75 | + $formatted['content'] .= $this->getLegacyForms(); |
|
76 | + } |
|
77 | + return $formatted; |
|
78 | + } |
|
79 | 79 | |
80 | - /** |
|
81 | - * @return bool|string |
|
82 | - */ |
|
83 | - private function getLegacyForms() { |
|
84 | - $forms = \OC_App::getForms('personal'); |
|
80 | + /** |
|
81 | + * @return bool|string |
|
82 | + */ |
|
83 | + private function getLegacyForms() { |
|
84 | + $forms = \OC_App::getForms('personal'); |
|
85 | 85 | |
86 | - $forms = array_map(function ($form) { |
|
87 | - if (preg_match('%(<h2(?P<class>[^>]*)>.*?</h2>)%i', $form, $regs)) { |
|
88 | - $sectionName = str_replace('<h2' . $regs['class'] . '>', '', $regs[0]); |
|
89 | - $sectionName = str_replace('</h2>', '', $sectionName); |
|
90 | - $anchor = strtolower($sectionName); |
|
91 | - $anchor = str_replace(' ', '-', $anchor); |
|
86 | + $forms = array_map(function ($form) { |
|
87 | + if (preg_match('%(<h2(?P<class>[^>]*)>.*?</h2>)%i', $form, $regs)) { |
|
88 | + $sectionName = str_replace('<h2' . $regs['class'] . '>', '', $regs[0]); |
|
89 | + $sectionName = str_replace('</h2>', '', $sectionName); |
|
90 | + $anchor = strtolower($sectionName); |
|
91 | + $anchor = str_replace(' ', '-', $anchor); |
|
92 | 92 | |
93 | - return [ |
|
94 | - 'anchor' => $anchor, |
|
95 | - 'section-name' => $sectionName, |
|
96 | - 'form' => $form |
|
97 | - ]; |
|
98 | - } |
|
99 | - return [ |
|
100 | - 'form' => $form |
|
101 | - ]; |
|
102 | - }, $forms); |
|
93 | + return [ |
|
94 | + 'anchor' => $anchor, |
|
95 | + 'section-name' => $sectionName, |
|
96 | + 'form' => $form |
|
97 | + ]; |
|
98 | + } |
|
99 | + return [ |
|
100 | + 'form' => $form |
|
101 | + ]; |
|
102 | + }, $forms); |
|
103 | 103 | |
104 | - $out = new Template('settings', 'settings/additional'); |
|
105 | - $out->assign('forms', $forms); |
|
104 | + $out = new Template('settings', 'settings/additional'); |
|
105 | + $out->assign('forms', $forms); |
|
106 | 106 | |
107 | - return $out->fetchPage(); |
|
108 | - } |
|
107 | + return $out->fetchPage(); |
|
108 | + } |
|
109 | 109 | } |
@@ -35,28 +35,28 @@ |
||
35 | 35 | |
36 | 36 | class LogSettingsController extends Controller { |
37 | 37 | |
38 | - /** @var Log */ |
|
39 | - private $log; |
|
38 | + /** @var Log */ |
|
39 | + private $log; |
|
40 | 40 | |
41 | - public function __construct(string $appName, IRequest $request, Log $logger) { |
|
42 | - parent::__construct($appName, $request); |
|
43 | - $this->log = $logger; |
|
44 | - } |
|
41 | + public function __construct(string $appName, IRequest $request, Log $logger) { |
|
42 | + parent::__construct($appName, $request); |
|
43 | + $this->log = $logger; |
|
44 | + } |
|
45 | 45 | |
46 | - /** |
|
47 | - * download logfile |
|
48 | - * |
|
49 | - * @NoCSRFRequired |
|
50 | - * |
|
51 | - * @return StreamResponse |
|
52 | - */ |
|
53 | - public function download() { |
|
54 | - if (!$this->log instanceof Log) { |
|
55 | - throw new \UnexpectedValueException('Log file not available'); |
|
56 | - } |
|
57 | - $resp = new StreamResponse($this->log->getLogPath()); |
|
58 | - $resp->addHeader('Content-Type', 'application/octet-stream'); |
|
59 | - $resp->addHeader('Content-Disposition', 'attachment; filename="nextcloud.log"'); |
|
60 | - return $resp; |
|
61 | - } |
|
46 | + /** |
|
47 | + * download logfile |
|
48 | + * |
|
49 | + * @NoCSRFRequired |
|
50 | + * |
|
51 | + * @return StreamResponse |
|
52 | + */ |
|
53 | + public function download() { |
|
54 | + if (!$this->log instanceof Log) { |
|
55 | + throw new \UnexpectedValueException('Log file not available'); |
|
56 | + } |
|
57 | + $resp = new StreamResponse($this->log->getLogPath()); |
|
58 | + $resp->addHeader('Content-Type', 'application/octet-stream'); |
|
59 | + $resp->addHeader('Content-Disposition', 'attachment; filename="nextcloud.log"'); |
|
60 | + return $resp; |
|
61 | + } |
|
62 | 62 | } |
@@ -229,7 +229,7 @@ |
||
229 | 229 | 'message' => $this->l->t('Please provide an admin recovery password; otherwise, all user data will be lost.'), |
230 | 230 | ] |
231 | 231 | ]); |
232 | - } elseif ($recoveryEnabledForUser && ! $validRecoveryPassword) { |
|
232 | + } elseif ($recoveryEnabledForUser && !$validRecoveryPassword) { |
|
233 | 233 | return new JSONResponse([ |
234 | 234 | 'status' => 'error', |
235 | 235 | 'data' => [ |
@@ -49,235 +49,235 @@ |
||
49 | 49 | use OCP\IUserSession; |
50 | 50 | |
51 | 51 | class ChangePasswordController extends Controller { |
52 | - private ?string $userId; |
|
53 | - private IUserManager $userManager; |
|
54 | - private IL10N $l; |
|
55 | - private GroupManager $groupManager; |
|
56 | - private Session $userSession; |
|
57 | - private IAppManager $appManager; |
|
52 | + private ?string $userId; |
|
53 | + private IUserManager $userManager; |
|
54 | + private IL10N $l; |
|
55 | + private GroupManager $groupManager; |
|
56 | + private Session $userSession; |
|
57 | + private IAppManager $appManager; |
|
58 | 58 | |
59 | - public function __construct(string $appName, |
|
60 | - IRequest $request, |
|
61 | - ?string $userId, |
|
62 | - IUserManager $userManager, |
|
63 | - IUserSession $userSession, |
|
64 | - IGroupManager $groupManager, |
|
65 | - IAppManager $appManager, |
|
66 | - IL10N $l) { |
|
67 | - parent::__construct($appName, $request); |
|
59 | + public function __construct(string $appName, |
|
60 | + IRequest $request, |
|
61 | + ?string $userId, |
|
62 | + IUserManager $userManager, |
|
63 | + IUserSession $userSession, |
|
64 | + IGroupManager $groupManager, |
|
65 | + IAppManager $appManager, |
|
66 | + IL10N $l) { |
|
67 | + parent::__construct($appName, $request); |
|
68 | 68 | |
69 | - $this->userId = $userId; |
|
70 | - $this->userManager = $userManager; |
|
71 | - $this->userSession = $userSession; |
|
72 | - $this->groupManager = $groupManager; |
|
73 | - $this->appManager = $appManager; |
|
74 | - $this->l = $l; |
|
75 | - } |
|
69 | + $this->userId = $userId; |
|
70 | + $this->userManager = $userManager; |
|
71 | + $this->userSession = $userSession; |
|
72 | + $this->groupManager = $groupManager; |
|
73 | + $this->appManager = $appManager; |
|
74 | + $this->l = $l; |
|
75 | + } |
|
76 | 76 | |
77 | - /** |
|
78 | - * @NoAdminRequired |
|
79 | - * @NoSubAdminRequired |
|
80 | - * @BruteForceProtection(action=changePersonalPassword) |
|
81 | - */ |
|
82 | - public function changePersonalPassword(string $oldpassword = '', string $newpassword = null): JSONResponse { |
|
83 | - $loginName = $this->userSession->getLoginName(); |
|
84 | - /** @var IUser $user */ |
|
85 | - $user = $this->userManager->checkPassword($loginName, $oldpassword); |
|
86 | - if ($user === false) { |
|
87 | - $response = new JSONResponse([ |
|
88 | - 'status' => 'error', |
|
89 | - 'data' => [ |
|
90 | - 'message' => $this->l->t('Wrong password'), |
|
91 | - ], |
|
92 | - ]); |
|
93 | - $response->throttle(); |
|
94 | - return $response; |
|
95 | - } |
|
77 | + /** |
|
78 | + * @NoAdminRequired |
|
79 | + * @NoSubAdminRequired |
|
80 | + * @BruteForceProtection(action=changePersonalPassword) |
|
81 | + */ |
|
82 | + public function changePersonalPassword(string $oldpassword = '', string $newpassword = null): JSONResponse { |
|
83 | + $loginName = $this->userSession->getLoginName(); |
|
84 | + /** @var IUser $user */ |
|
85 | + $user = $this->userManager->checkPassword($loginName, $oldpassword); |
|
86 | + if ($user === false) { |
|
87 | + $response = new JSONResponse([ |
|
88 | + 'status' => 'error', |
|
89 | + 'data' => [ |
|
90 | + 'message' => $this->l->t('Wrong password'), |
|
91 | + ], |
|
92 | + ]); |
|
93 | + $response->throttle(); |
|
94 | + return $response; |
|
95 | + } |
|
96 | 96 | |
97 | - try { |
|
98 | - if ($newpassword === null || strlen($newpassword) > IUserManager::MAX_PASSWORD_LENGTH || $user->setPassword($newpassword) === false) { |
|
99 | - return new JSONResponse([ |
|
100 | - 'status' => 'error', |
|
101 | - 'data' => [ |
|
102 | - 'message' => $this->l->t('Unable to change personal password'), |
|
103 | - ], |
|
104 | - ]); |
|
105 | - } |
|
106 | - // password policy app throws exception |
|
107 | - } catch (HintException $e) { |
|
108 | - return new JSONResponse([ |
|
109 | - 'status' => 'error', |
|
110 | - 'data' => [ |
|
111 | - 'message' => $e->getHint(), |
|
112 | - ], |
|
113 | - ]); |
|
114 | - } |
|
97 | + try { |
|
98 | + if ($newpassword === null || strlen($newpassword) > IUserManager::MAX_PASSWORD_LENGTH || $user->setPassword($newpassword) === false) { |
|
99 | + return new JSONResponse([ |
|
100 | + 'status' => 'error', |
|
101 | + 'data' => [ |
|
102 | + 'message' => $this->l->t('Unable to change personal password'), |
|
103 | + ], |
|
104 | + ]); |
|
105 | + } |
|
106 | + // password policy app throws exception |
|
107 | + } catch (HintException $e) { |
|
108 | + return new JSONResponse([ |
|
109 | + 'status' => 'error', |
|
110 | + 'data' => [ |
|
111 | + 'message' => $e->getHint(), |
|
112 | + ], |
|
113 | + ]); |
|
114 | + } |
|
115 | 115 | |
116 | - $this->userSession->updateSessionTokenPassword($newpassword); |
|
116 | + $this->userSession->updateSessionTokenPassword($newpassword); |
|
117 | 117 | |
118 | - return new JSONResponse([ |
|
119 | - 'status' => 'success', |
|
120 | - 'data' => [ |
|
121 | - 'message' => $this->l->t('Saved'), |
|
122 | - ], |
|
123 | - ]); |
|
124 | - } |
|
118 | + return new JSONResponse([ |
|
119 | + 'status' => 'success', |
|
120 | + 'data' => [ |
|
121 | + 'message' => $this->l->t('Saved'), |
|
122 | + ], |
|
123 | + ]); |
|
124 | + } |
|
125 | 125 | |
126 | - /** |
|
127 | - * @NoAdminRequired |
|
128 | - * @PasswordConfirmationRequired |
|
129 | - */ |
|
130 | - public function changeUserPassword(string $username = null, string $password = null, string $recoveryPassword = null): JSONResponse { |
|
131 | - if ($username === null) { |
|
132 | - return new JSONResponse([ |
|
133 | - 'status' => 'error', |
|
134 | - 'data' => [ |
|
135 | - 'message' => $this->l->t('No user supplied'), |
|
136 | - ], |
|
137 | - ]); |
|
138 | - } |
|
126 | + /** |
|
127 | + * @NoAdminRequired |
|
128 | + * @PasswordConfirmationRequired |
|
129 | + */ |
|
130 | + public function changeUserPassword(string $username = null, string $password = null, string $recoveryPassword = null): JSONResponse { |
|
131 | + if ($username === null) { |
|
132 | + return new JSONResponse([ |
|
133 | + 'status' => 'error', |
|
134 | + 'data' => [ |
|
135 | + 'message' => $this->l->t('No user supplied'), |
|
136 | + ], |
|
137 | + ]); |
|
138 | + } |
|
139 | 139 | |
140 | - if ($password === null) { |
|
141 | - return new JSONResponse([ |
|
142 | - 'status' => 'error', |
|
143 | - 'data' => [ |
|
144 | - 'message' => $this->l->t('Unable to change password'), |
|
145 | - ], |
|
146 | - ]); |
|
147 | - } |
|
140 | + if ($password === null) { |
|
141 | + return new JSONResponse([ |
|
142 | + 'status' => 'error', |
|
143 | + 'data' => [ |
|
144 | + 'message' => $this->l->t('Unable to change password'), |
|
145 | + ], |
|
146 | + ]); |
|
147 | + } |
|
148 | 148 | |
149 | - if (strlen($password) > IUserManager::MAX_PASSWORD_LENGTH) { |
|
150 | - return new JSONResponse([ |
|
151 | - 'status' => 'error', |
|
152 | - 'data' => [ |
|
153 | - 'message' => $this->l->t('Unable to change password. Password too long.'), |
|
154 | - ], |
|
155 | - ]); |
|
156 | - } |
|
149 | + if (strlen($password) > IUserManager::MAX_PASSWORD_LENGTH) { |
|
150 | + return new JSONResponse([ |
|
151 | + 'status' => 'error', |
|
152 | + 'data' => [ |
|
153 | + 'message' => $this->l->t('Unable to change password. Password too long.'), |
|
154 | + ], |
|
155 | + ]); |
|
156 | + } |
|
157 | 157 | |
158 | - $currentUser = $this->userSession->getUser(); |
|
159 | - $targetUser = $this->userManager->get($username); |
|
160 | - if ($currentUser === null || $targetUser === null || |
|
161 | - !($this->groupManager->isAdmin($this->userId) || |
|
162 | - $this->groupManager->getSubAdmin()->isUserAccessible($currentUser, $targetUser)) |
|
163 | - ) { |
|
164 | - return new JSONResponse([ |
|
165 | - 'status' => 'error', |
|
166 | - 'data' => [ |
|
167 | - 'message' => $this->l->t('Authentication error'), |
|
168 | - ], |
|
169 | - ]); |
|
170 | - } |
|
158 | + $currentUser = $this->userSession->getUser(); |
|
159 | + $targetUser = $this->userManager->get($username); |
|
160 | + if ($currentUser === null || $targetUser === null || |
|
161 | + !($this->groupManager->isAdmin($this->userId) || |
|
162 | + $this->groupManager->getSubAdmin()->isUserAccessible($currentUser, $targetUser)) |
|
163 | + ) { |
|
164 | + return new JSONResponse([ |
|
165 | + 'status' => 'error', |
|
166 | + 'data' => [ |
|
167 | + 'message' => $this->l->t('Authentication error'), |
|
168 | + ], |
|
169 | + ]); |
|
170 | + } |
|
171 | 171 | |
172 | - if ($this->appManager->isEnabledForUser('encryption')) { |
|
173 | - //handle the recovery case |
|
174 | - $crypt = new \OCA\Encryption\Crypto\Crypt( |
|
175 | - \OC::$server->getLogger(), |
|
176 | - \OC::$server->getUserSession(), |
|
177 | - \OC::$server->getConfig(), |
|
178 | - \OC::$server->getL10N('encryption')); |
|
179 | - $keyStorage = \OC::$server->getEncryptionKeyStorage(); |
|
180 | - $util = new \OCA\Encryption\Util( |
|
181 | - new \OC\Files\View(), |
|
182 | - $crypt, |
|
183 | - \OC::$server->getLogger(), |
|
184 | - \OC::$server->getUserSession(), |
|
185 | - \OC::$server->getConfig(), |
|
186 | - \OC::$server->getUserManager()); |
|
187 | - $keyManager = new \OCA\Encryption\KeyManager( |
|
188 | - $keyStorage, |
|
189 | - $crypt, |
|
190 | - \OC::$server->getConfig(), |
|
191 | - \OC::$server->getUserSession(), |
|
192 | - new \OCA\Encryption\Session(\OC::$server->getSession()), |
|
193 | - \OC::$server->getLogger(), |
|
194 | - $util, |
|
195 | - \OC::$server->getLockingProvider() |
|
196 | - ); |
|
197 | - $recovery = new \OCA\Encryption\Recovery( |
|
198 | - \OC::$server->getUserSession(), |
|
199 | - $crypt, |
|
200 | - $keyManager, |
|
201 | - \OC::$server->getConfig(), |
|
202 | - \OC::$server->getEncryptionFilesHelper(), |
|
203 | - new \OC\Files\View()); |
|
204 | - $recoveryAdminEnabled = $recovery->isRecoveryKeyEnabled(); |
|
172 | + if ($this->appManager->isEnabledForUser('encryption')) { |
|
173 | + //handle the recovery case |
|
174 | + $crypt = new \OCA\Encryption\Crypto\Crypt( |
|
175 | + \OC::$server->getLogger(), |
|
176 | + \OC::$server->getUserSession(), |
|
177 | + \OC::$server->getConfig(), |
|
178 | + \OC::$server->getL10N('encryption')); |
|
179 | + $keyStorage = \OC::$server->getEncryptionKeyStorage(); |
|
180 | + $util = new \OCA\Encryption\Util( |
|
181 | + new \OC\Files\View(), |
|
182 | + $crypt, |
|
183 | + \OC::$server->getLogger(), |
|
184 | + \OC::$server->getUserSession(), |
|
185 | + \OC::$server->getConfig(), |
|
186 | + \OC::$server->getUserManager()); |
|
187 | + $keyManager = new \OCA\Encryption\KeyManager( |
|
188 | + $keyStorage, |
|
189 | + $crypt, |
|
190 | + \OC::$server->getConfig(), |
|
191 | + \OC::$server->getUserSession(), |
|
192 | + new \OCA\Encryption\Session(\OC::$server->getSession()), |
|
193 | + \OC::$server->getLogger(), |
|
194 | + $util, |
|
195 | + \OC::$server->getLockingProvider() |
|
196 | + ); |
|
197 | + $recovery = new \OCA\Encryption\Recovery( |
|
198 | + \OC::$server->getUserSession(), |
|
199 | + $crypt, |
|
200 | + $keyManager, |
|
201 | + \OC::$server->getConfig(), |
|
202 | + \OC::$server->getEncryptionFilesHelper(), |
|
203 | + new \OC\Files\View()); |
|
204 | + $recoveryAdminEnabled = $recovery->isRecoveryKeyEnabled(); |
|
205 | 205 | |
206 | - $validRecoveryPassword = false; |
|
207 | - $recoveryEnabledForUser = false; |
|
208 | - if ($recoveryAdminEnabled) { |
|
209 | - $validRecoveryPassword = $keyManager->checkRecoveryPassword($recoveryPassword); |
|
210 | - $recoveryEnabledForUser = $recovery->isRecoveryEnabledForUser($username); |
|
211 | - } |
|
206 | + $validRecoveryPassword = false; |
|
207 | + $recoveryEnabledForUser = false; |
|
208 | + if ($recoveryAdminEnabled) { |
|
209 | + $validRecoveryPassword = $keyManager->checkRecoveryPassword($recoveryPassword); |
|
210 | + $recoveryEnabledForUser = $recovery->isRecoveryEnabledForUser($username); |
|
211 | + } |
|
212 | 212 | |
213 | - if ($recoveryEnabledForUser && $recoveryPassword === '') { |
|
214 | - return new JSONResponse([ |
|
215 | - 'status' => 'error', |
|
216 | - 'data' => [ |
|
217 | - 'message' => $this->l->t('Please provide an admin recovery password; otherwise, all user data will be lost.'), |
|
218 | - ] |
|
219 | - ]); |
|
220 | - } elseif ($recoveryEnabledForUser && ! $validRecoveryPassword) { |
|
221 | - return new JSONResponse([ |
|
222 | - 'status' => 'error', |
|
223 | - 'data' => [ |
|
224 | - 'message' => $this->l->t('Wrong admin recovery password. Please check the password and try again.'), |
|
225 | - ] |
|
226 | - ]); |
|
227 | - } else { // now we know that everything is fine regarding the recovery password, let's try to change the password |
|
228 | - try { |
|
229 | - $result = $targetUser->setPassword($password, $recoveryPassword); |
|
230 | - // password policy app throws exception |
|
231 | - } catch (HintException $e) { |
|
232 | - return new JSONResponse([ |
|
233 | - 'status' => 'error', |
|
234 | - 'data' => [ |
|
235 | - 'message' => $e->getHint(), |
|
236 | - ], |
|
237 | - ]); |
|
238 | - } |
|
239 | - if (!$result && $recoveryEnabledForUser) { |
|
240 | - return new JSONResponse([ |
|
241 | - 'status' => 'error', |
|
242 | - 'data' => [ |
|
243 | - 'message' => $this->l->t('Backend does not support password change, but the user\'s encryption key was updated.'), |
|
244 | - ] |
|
245 | - ]); |
|
246 | - } elseif (!$result && !$recoveryEnabledForUser) { |
|
247 | - return new JSONResponse([ |
|
248 | - 'status' => 'error', |
|
249 | - 'data' => [ |
|
250 | - 'message' => $this->l->t('Unable to change password'), |
|
251 | - ] |
|
252 | - ]); |
|
253 | - } |
|
254 | - } |
|
255 | - } else { |
|
256 | - try { |
|
257 | - if ($targetUser->setPassword($password) === false) { |
|
258 | - return new JSONResponse([ |
|
259 | - 'status' => 'error', |
|
260 | - 'data' => [ |
|
261 | - 'message' => $this->l->t('Unable to change password'), |
|
262 | - ], |
|
263 | - ]); |
|
264 | - } |
|
265 | - // password policy app throws exception |
|
266 | - } catch (HintException $e) { |
|
267 | - return new JSONResponse([ |
|
268 | - 'status' => 'error', |
|
269 | - 'data' => [ |
|
270 | - 'message' => $e->getHint(), |
|
271 | - ], |
|
272 | - ]); |
|
273 | - } |
|
274 | - } |
|
213 | + if ($recoveryEnabledForUser && $recoveryPassword === '') { |
|
214 | + return new JSONResponse([ |
|
215 | + 'status' => 'error', |
|
216 | + 'data' => [ |
|
217 | + 'message' => $this->l->t('Please provide an admin recovery password; otherwise, all user data will be lost.'), |
|
218 | + ] |
|
219 | + ]); |
|
220 | + } elseif ($recoveryEnabledForUser && ! $validRecoveryPassword) { |
|
221 | + return new JSONResponse([ |
|
222 | + 'status' => 'error', |
|
223 | + 'data' => [ |
|
224 | + 'message' => $this->l->t('Wrong admin recovery password. Please check the password and try again.'), |
|
225 | + ] |
|
226 | + ]); |
|
227 | + } else { // now we know that everything is fine regarding the recovery password, let's try to change the password |
|
228 | + try { |
|
229 | + $result = $targetUser->setPassword($password, $recoveryPassword); |
|
230 | + // password policy app throws exception |
|
231 | + } catch (HintException $e) { |
|
232 | + return new JSONResponse([ |
|
233 | + 'status' => 'error', |
|
234 | + 'data' => [ |
|
235 | + 'message' => $e->getHint(), |
|
236 | + ], |
|
237 | + ]); |
|
238 | + } |
|
239 | + if (!$result && $recoveryEnabledForUser) { |
|
240 | + return new JSONResponse([ |
|
241 | + 'status' => 'error', |
|
242 | + 'data' => [ |
|
243 | + 'message' => $this->l->t('Backend does not support password change, but the user\'s encryption key was updated.'), |
|
244 | + ] |
|
245 | + ]); |
|
246 | + } elseif (!$result && !$recoveryEnabledForUser) { |
|
247 | + return new JSONResponse([ |
|
248 | + 'status' => 'error', |
|
249 | + 'data' => [ |
|
250 | + 'message' => $this->l->t('Unable to change password'), |
|
251 | + ] |
|
252 | + ]); |
|
253 | + } |
|
254 | + } |
|
255 | + } else { |
|
256 | + try { |
|
257 | + if ($targetUser->setPassword($password) === false) { |
|
258 | + return new JSONResponse([ |
|
259 | + 'status' => 'error', |
|
260 | + 'data' => [ |
|
261 | + 'message' => $this->l->t('Unable to change password'), |
|
262 | + ], |
|
263 | + ]); |
|
264 | + } |
|
265 | + // password policy app throws exception |
|
266 | + } catch (HintException $e) { |
|
267 | + return new JSONResponse([ |
|
268 | + 'status' => 'error', |
|
269 | + 'data' => [ |
|
270 | + 'message' => $e->getHint(), |
|
271 | + ], |
|
272 | + ]); |
|
273 | + } |
|
274 | + } |
|
275 | 275 | |
276 | - return new JSONResponse([ |
|
277 | - 'status' => 'success', |
|
278 | - 'data' => [ |
|
279 | - 'username' => $username, |
|
280 | - ], |
|
281 | - ]); |
|
282 | - } |
|
276 | + return new JSONResponse([ |
|
277 | + 'status' => 'success', |
|
278 | + 'data' => [ |
|
279 | + 'username' => $username, |
|
280 | + ], |
|
281 | + ]); |
|
282 | + } |
|
283 | 283 | } |
@@ -46,9 +46,9 @@ |
||
46 | 46 | </div> |
47 | 47 | |
48 | 48 | <div id="postsetupchecks" data-check-wellknown="<?php if ($_['checkForWorkingWellKnownSetup']) { |
49 | - p('true'); |
|
49 | + p('true'); |
|
50 | 50 | } else { |
51 | - p('false'); |
|
51 | + p('false'); |
|
52 | 52 | } ?>"> |
53 | 53 | <ul class="errors hidden"></ul> |
54 | 54 | <ul class="warnings hidden"></ul> |
@@ -28,21 +28,21 @@ discard block |
||
28 | 28 | ?> |
29 | 29 | |
30 | 30 | <div id="security-warning" class="section"> |
31 | - <h2 class="inlineblock"><?php p($l->t('Security & setup warnings'));?></h2> |
|
32 | - <a target="_blank" rel="noreferrer" class="icon-info" title="<?php p($l->t('Open documentation'));?>" href="<?php p(link_to_docs('admin-warnings')); ?>"></a> |
|
33 | - <p class="settings-hint"><?php p($l->t('It\'s important for the security and performance of your instance that everything is configured correctly. To help you with that we are doing some automatic checks. Please see the linked documentation for more information.'));?></p> |
|
31 | + <h2 class="inlineblock"><?php p($l->t('Security & setup warnings')); ?></h2> |
|
32 | + <a target="_blank" rel="noreferrer" class="icon-info" title="<?php p($l->t('Open documentation')); ?>" href="<?php p(link_to_docs('admin-warnings')); ?>"></a> |
|
33 | + <p class="settings-hint"><?php p($l->t('It\'s important for the security and performance of your instance that everything is configured correctly. To help you with that we are doing some automatic checks. Please see the linked documentation for more information.')); ?></p> |
|
34 | 34 | |
35 | 35 | <div id="security-warning-state-ok" class="hidden"> |
36 | - <span class="icon icon-checkmark-white"></span><span class="message"><?php p($l->t('All checks passed.'));?></span> |
|
36 | + <span class="icon icon-checkmark-white"></span><span class="message"><?php p($l->t('All checks passed.')); ?></span> |
|
37 | 37 | </div> |
38 | 38 | <div id="security-warning-state-failure" class="hidden"> |
39 | - <span class="icon icon-close-white"></span><span class="message"><?php p($l->t('There are some errors regarding your setup.'));?></span> |
|
39 | + <span class="icon icon-close-white"></span><span class="message"><?php p($l->t('There are some errors regarding your setup.')); ?></span> |
|
40 | 40 | </div> |
41 | 41 | <div id="security-warning-state-warning" class="hidden"> |
42 | - <span class="icon icon-error-white"></span><span class="message"><?php p($l->t('There are some warnings regarding your setup.'));?></span> |
|
42 | + <span class="icon icon-error-white"></span><span class="message"><?php p($l->t('There are some warnings regarding your setup.')); ?></span> |
|
43 | 43 | </div> |
44 | 44 | <div id="security-warning-state-loading"> |
45 | - <span class="icon loading"></span><span class="message"><?php p($l->t('Checking for system and security issues.'));?></span> |
|
45 | + <span class="icon loading"></span><span class="message"><?php p($l->t('Checking for system and security issues.')); ?></span> |
|
46 | 46 | </div> |
47 | 47 | |
48 | 48 | <div id="postsetupchecks" data-check-wellknown="<?php if ($_['checkForWorkingWellKnownSetup']) { |
@@ -59,14 +59,14 @@ discard block |
||
59 | 59 | </p> |
60 | 60 | |
61 | 61 | <p class="extra-top-margin"> |
62 | - <?php print_unescaped($l->t('Check the security of your Nextcloud over <a target="_blank" rel="noreferrer noopener" href="%s">our security scan ↗</a>.', ['https://scan.nextcloud.com']));?> |
|
62 | + <?php print_unescaped($l->t('Check the security of your Nextcloud over <a target="_blank" rel="noreferrer noopener" href="%s">our security scan ↗</a>.', ['https://scan.nextcloud.com'])); ?> |
|
63 | 63 | </p> |
64 | 64 | |
65 | 65 | </div> |
66 | 66 | |
67 | 67 | <div id="version" class="section"> |
68 | 68 | <!-- should be the last part, so Updater can follow if enabled (it has no heading therefore). --> |
69 | - <h2><?php p($l->t('Version'));?></h2> |
|
69 | + <h2><?php p($l->t('Version')); ?></h2> |
|
70 | 70 | <?php if ($theme->getTitle() === 'Nextcloud'): ?> |
71 | 71 | <p><strong><a href="<?php print_unescaped($theme->getBaseUrl()); ?>" rel="noreferrer noopener" target="_blank">Nextcloud Hub 3</a> (<?php p(OC_Util::getHumanVersion()) ?>)</strong></p> |
72 | 72 | <?php else: ?> |
@@ -69,7 +69,10 @@ |
||
69 | 69 | <h2><?php p($l->t('Version'));?></h2> |
70 | 70 | <?php if ($theme->getTitle() === 'Nextcloud'): ?> |
71 | 71 | <p><strong><a href="<?php print_unescaped($theme->getBaseUrl()); ?>" rel="noreferrer noopener" target="_blank">Nextcloud Hub 3</a> (<?php p(OC_Util::getHumanVersion()) ?>)</strong></p> |
72 | - <?php else: ?> |
|
73 | - <p><strong><a href="<?php print_unescaped($theme->getBaseUrl()); ?>" rel="noreferrer noopener" target="_blank"><?php p($theme->getTitle()); ?></a> <?php p(OC_Util::getHumanVersion()) ?></strong></p> |
|
72 | + <?php else { |
|
73 | + : ?> |
|
74 | + <p><strong><a href="<?php print_unescaped($theme->getBaseUrl()); |
|
75 | +} |
|
76 | +?>" rel="noreferrer noopener" target="_blank"><?php p($theme->getTitle()); ?></a> <?php p(OC_Util::getHumanVersion()) ?></strong></p> |
|
74 | 77 | <?php endif; ?> |
75 | 78 | </div> |
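Review bot: The rewritten `else` branch at new lines 72–76 no longer parses. `<?php else {` followed by `: ?>` puts a brace block inside an `if (...): … endif;` alternative-syntax chain, and the closing `}` now sits inside the `href` attribute, right after `print_unescaped($theme->getBaseUrl());`. This looks like a formatter artefact rather than an intended change, and a parse error in this template would stop the whole page from rendering, including the security and setup warnings shown in the neighbouring hunks of what appears to be the same file. Restore `<?php else: ?>` and the original single-line `<p><strong><a href="…">` markup, and exclude alternative-syntax templates from the automatic fixer. Separately, unless the theme base URL is guaranteed to be attribute-safe, `p($theme->getBaseUrl())` would escape it for the `href` context where `print_unescaped()` does not.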
@@ -27,7 +27,7 @@ |
||
27 | 27 | ?> |
28 | 28 | |
29 | 29 | <?php foreach ($_['forms'] as $form) { |
30 | - if (isset($form['form'])) {?> |
|
30 | + if (isset($form['form'])) {?> |
|
31 | 31 | <div id="<?php isset($form['anchor']) ? p($form['anchor']) : p('');?>"><?php print_unescaped($form['form']);?></div> |
32 | 32 | <?php } |
33 | 33 | } ?> |
@@ -28,6 +28,6 @@ |
||
28 | 28 | |
29 | 29 | <?php foreach ($_['forms'] as $form) { |
30 | 30 | if (isset($form['form'])) {?> |
31 | - <div id="<?php isset($form['anchor']) ? p($form['anchor']) : p('');?>"><?php print_unescaped($form['form']);?></div> |
|
31 | + <div id="<?php isset($form['anchor']) ? p($form['anchor']) : p(''); ?>"><?php print_unescaped($form['form']); ?></div> |
|
32 | 32 | <?php } |
33 | 33 | } ?> |