nextcloud / server

apps/user_ldap/lib/User_Proxy.php

Spacing +2 added lines, -2 removed lines

@@ -197,7 +197,7 @@ 
 	 * @return string|false
 	 */
 	public function loginName2UserName($loginName) {
-		$id = 'LOGINNAME,' . $loginName;
+		$id = 'LOGINNAME,'.$loginName;
 		return $this->handleRequest($id, 'loginName2UserName', [$loginName]);
 	}
 	
@@ -208,7 +208,7 @@ 
 	 * @return string|false with the username
 	 */
 	public function dn2UserName($dn) {
-		$id = 'DN,' . $dn;
+		$id = 'DN,'.$dn;
 		return $this->handleRequest($id, 'dn2UserName', [$dn]);
 	}
 

Indentation +323 added lines, -323 removed lines

@@ -38,352 +38,352 @@
 use OCP\Notification\IManager as INotificationManager;
 
 class User_Proxy extends Proxy implements \OCP\IUserBackend, \OCP\UserInterface, IUserLDAP {
-	private $backends = [];
-	/** @var User_LDAP */
-	private $refBackend = null;
+    private $backends = [];
+    /** @var User_LDAP */
+    private $refBackend = null;
 
-	public function __construct(
-		Helper $helper,
-		ILDAPWrapper $ldap,
-		IConfig $ocConfig,
-		INotificationManager $notificationManager,
-		IUserSession $userSession,
-		UserPluginManager $userPluginManager
-	) {
-		parent::__construct($ldap);
-		$serverConfigPrefixes = $helper->getServerConfigurationPrefixes(true);
-		foreach ($serverConfigPrefixes as $configPrefix) {
-			$this->backends[$configPrefix] =
-				new User_LDAP($this->getAccess($configPrefix), $ocConfig, $notificationManager, $userSession, $userPluginManager);
+    public function __construct(
+        Helper $helper,
+        ILDAPWrapper $ldap,
+        IConfig $ocConfig,
+        INotificationManager $notificationManager,
+        IUserSession $userSession,
+        UserPluginManager $userPluginManager
+    ) {
+        parent::__construct($ldap);
+        $serverConfigPrefixes = $helper->getServerConfigurationPrefixes(true);
+        foreach ($serverConfigPrefixes as $configPrefix) {
+            $this->backends[$configPrefix] =
+                new User_LDAP($this->getAccess($configPrefix), $ocConfig, $notificationManager, $userSession, $userPluginManager);
 
-			if (is_null($this->refBackend)) {
-				$this->refBackend = &$this->backends[$configPrefix];
-			}
-		}
-	}
+            if (is_null($this->refBackend)) {
+                $this->refBackend = &$this->backends[$configPrefix];
+            }
+        }
+    }
 
-	/**
-	 * Tries the backends one after the other until a positive result is returned from the specified method
-	 *
-	 * @param string $id the uid connected to the request
-	 * @param string $method the method of the user backend that shall be called
-	 * @param array $parameters an array of parameters to be passed
-	 * @return mixed the result of the method or false
-	 */
-	protected function walkBackends($id, $method, $parameters) {
-		$uid = $id;
-		$cacheKey = $this->getUserCacheKey($uid);
-		foreach ($this->backends as $configPrefix => $backend) {
-			$instance = $backend;
-			if (!method_exists($instance, $method)
-				&& method_exists($this->getAccess($configPrefix), $method)) {
-				$instance = $this->getAccess($configPrefix);
-			}
-			if ($result = call_user_func_array([$instance, $method], $parameters)) {
-				if (!$this->isSingleBackend()) {
-					$this->writeToCache($cacheKey, $configPrefix);
-				}
-				return $result;
-			}
-		}
-		return false;
-	}
+    /**
+     * Tries the backends one after the other until a positive result is returned from the specified method
+     *
+     * @param string $id the uid connected to the request
+     * @param string $method the method of the user backend that shall be called
+     * @param array $parameters an array of parameters to be passed
+     * @return mixed the result of the method or false
+     */
+    protected function walkBackends($id, $method, $parameters) {
+        $uid = $id;
+        $cacheKey = $this->getUserCacheKey($uid);
+        foreach ($this->backends as $configPrefix => $backend) {
+            $instance = $backend;
+            if (!method_exists($instance, $method)
+                && method_exists($this->getAccess($configPrefix), $method)) {
+                $instance = $this->getAccess($configPrefix);
+            }
+            if ($result = call_user_func_array([$instance, $method], $parameters)) {
+                if (!$this->isSingleBackend()) {
+                    $this->writeToCache($cacheKey, $configPrefix);
+                }
+                return $result;
+            }
+        }
+        return false;
+    }
 
-	/**
-	 * Asks the backend connected to the server that supposely takes care of the uid from the request.
-	 *
-	 * @param string $id the uid connected to the request
-	 * @param string $method the method of the user backend that shall be called
-	 * @param array $parameters an array of parameters to be passed
-	 * @param mixed $passOnWhen the result matches this variable
-	 * @return mixed the result of the method or false
-	 */
-	protected function callOnLastSeenOn($id, $method, $parameters, $passOnWhen) {
-		$uid = $id;
-		$cacheKey = $this->getUserCacheKey($uid);
-		$prefix = $this->getFromCache($cacheKey);
-		//in case the uid has been found in the past, try this stored connection first
-		if (!is_null($prefix)) {
-			if (isset($this->backends[$prefix])) {
-				$instance = $this->backends[$prefix];
-				if (!method_exists($instance, $method)
-					&& method_exists($this->getAccess($prefix), $method)) {
-					$instance = $this->getAccess($prefix);
-				}
-				$result = call_user_func_array([$instance, $method], $parameters);
-				if ($result === $passOnWhen) {
-					//not found here, reset cache to null if user vanished
-					//because sometimes methods return false with a reason
-					$userExists = call_user_func_array(
-						[$this->backends[$prefix], 'userExistsOnLDAP'],
-						[$uid]
-					);
-					if (!$userExists) {
-						$this->writeToCache($cacheKey, null);
-					}
-				}
-				return $result;
-			}
-		}
-		return false;
-	}
+    /**
+     * Asks the backend connected to the server that supposely takes care of the uid from the request.
+     *
+     * @param string $id the uid connected to the request
+     * @param string $method the method of the user backend that shall be called
+     * @param array $parameters an array of parameters to be passed
+     * @param mixed $passOnWhen the result matches this variable
+     * @return mixed the result of the method or false
+     */
+    protected function callOnLastSeenOn($id, $method, $parameters, $passOnWhen) {
+        $uid = $id;
+        $cacheKey = $this->getUserCacheKey($uid);
+        $prefix = $this->getFromCache($cacheKey);
+        //in case the uid has been found in the past, try this stored connection first
+        if (!is_null($prefix)) {
+            if (isset($this->backends[$prefix])) {
+                $instance = $this->backends[$prefix];
+                if (!method_exists($instance, $method)
+                    && method_exists($this->getAccess($prefix), $method)) {
+                    $instance = $this->getAccess($prefix);
+                }
+                $result = call_user_func_array([$instance, $method], $parameters);
+                if ($result === $passOnWhen) {
+                    //not found here, reset cache to null if user vanished
+                    //because sometimes methods return false with a reason
+                    $userExists = call_user_func_array(
+                        [$this->backends[$prefix], 'userExistsOnLDAP'],
+                        [$uid]
+                    );
+                    if (!$userExists) {
+                        $this->writeToCache($cacheKey, null);
+                    }
+                }
+                return $result;
+            }
+        }
+        return false;
+    }
 
-	protected function activeBackends(): int {
-		return count($this->backends);
-	}
+    protected function activeBackends(): int {
+        return count($this->backends);
+    }
 
-	/**
-	 * Check if backend implements actions
-	 *
-	 * @param int $actions bitwise-or'ed actions
-	 * @return boolean
-	 *
-	 * Returns the supported actions as int to be
-	 * compared with \OC\User\Backend::CREATE_USER etc.
-	 */
-	public function implementsActions($actions) {
-		//it's the same across all our user backends obviously
-		return $this->refBackend->implementsActions($actions);
-	}
+    /**
+     * Check if backend implements actions
+     *
+     * @param int $actions bitwise-or'ed actions
+     * @return boolean
+     *
+     * Returns the supported actions as int to be
+     * compared with \OC\User\Backend::CREATE_USER etc.
+     */
+    public function implementsActions($actions) {
+        //it's the same across all our user backends obviously
+        return $this->refBackend->implementsActions($actions);
+    }
 
-	/**
-	 * Backend name to be shown in user management
-	 *
-	 * @return string the name of the backend to be shown
-	 */
-	public function getBackendName() {
-		return $this->refBackend->getBackendName();
-	}
+    /**
+     * Backend name to be shown in user management
+     *
+     * @return string the name of the backend to be shown
+     */
+    public function getBackendName() {
+        return $this->refBackend->getBackendName();
+    }
 
-	/**
-	 * Get a list of all users
-	 *
-	 * @param string $search
-	 * @param null|int $limit
-	 * @param null|int $offset
-	 * @return string[] an array of all uids
-	 */
-	public function getUsers($search = '', $limit = 10, $offset = 0) {
-		//we do it just as the /OC_User implementation: do not play around with limit and offset but ask all backends
-		$users = [];
-		foreach ($this->backends as $backend) {
-			$backendUsers = $backend->getUsers($search, $limit, $offset);
-			if (is_array($backendUsers)) {
-				$users = array_merge($users, $backendUsers);
-			}
-		}
-		return $users;
-	}
+    /**
+     * Get a list of all users
+     *
+     * @param string $search
+     * @param null|int $limit
+     * @param null|int $offset
+     * @return string[] an array of all uids
+     */
+    public function getUsers($search = '', $limit = 10, $offset = 0) {
+        //we do it just as the /OC_User implementation: do not play around with limit and offset but ask all backends
+        $users = [];
+        foreach ($this->backends as $backend) {
+            $backendUsers = $backend->getUsers($search, $limit, $offset);
+            if (is_array($backendUsers)) {
+                $users = array_merge($users, $backendUsers);
+            }
+        }
+        return $users;
+    }
 
-	/**
-	 * check if a user exists
-	 *
-	 * @param string $uid the username
-	 * @return boolean
-	 */
-	public function userExists($uid) {
-		$existsOnLDAP = false;
-		$existsLocally = $this->handleRequest($uid, 'userExists', [$uid]);
-		if ($existsLocally) {
-			$existsOnLDAP = $this->userExistsOnLDAP($uid);
-		}
-		if ($existsLocally && !$existsOnLDAP) {
-			try {
-				$user = $this->getLDAPAccess($uid)->userManager->get($uid);
-				if ($user instanceof User) {
-					$user->markUser();
-				}
-			} catch (\Exception $e) {
-				// ignore
-			}
-		}
-		return $existsLocally;
-	}
+    /**
+     * check if a user exists
+     *
+     * @param string $uid the username
+     * @return boolean
+     */
+    public function userExists($uid) {
+        $existsOnLDAP = false;
+        $existsLocally = $this->handleRequest($uid, 'userExists', [$uid]);
+        if ($existsLocally) {
+            $existsOnLDAP = $this->userExistsOnLDAP($uid);
+        }
+        if ($existsLocally && !$existsOnLDAP) {
+            try {
+                $user = $this->getLDAPAccess($uid)->userManager->get($uid);
+                if ($user instanceof User) {
+                    $user->markUser();
+                }
+            } catch (\Exception $e) {
+                // ignore
+            }
+        }
+        return $existsLocally;
+    }
 
-	/**
-	 * check if a user exists on LDAP
-	 *
-	 * @param string|\OCA\User_LDAP\User\User $user either the Nextcloud user
-	 * name or an instance of that user
-	 * @return boolean
-	 */
-	public function userExistsOnLDAP($user) {
-		$id = ($user instanceof User) ? $user->getUsername() : $user;
-		return $this->handleRequest($id, 'userExistsOnLDAP', [$user]);
-	}
+    /**
+     * check if a user exists on LDAP
+     *
+     * @param string|\OCA\User_LDAP\User\User $user either the Nextcloud user
+     * name or an instance of that user
+     * @return boolean
+     */
+    public function userExistsOnLDAP($user) {
+        $id = ($user instanceof User) ? $user->getUsername() : $user;
+        return $this->handleRequest($id, 'userExistsOnLDAP', [$user]);
+    }
 
-	/**
-	 * Check if the password is correct
-	 *
-	 * @param string $uid The username
-	 * @param string $password The password
-	 * @return bool
-	 *
-	 * Check if the password is correct without logging in the user
-	 */
-	public function checkPassword($uid, $password) {
-		return $this->handleRequest($uid, 'checkPassword', [$uid, $password]);
-	}
+    /**
+     * Check if the password is correct
+     *
+     * @param string $uid The username
+     * @param string $password The password
+     * @return bool
+     *
+     * Check if the password is correct without logging in the user
+     */
+    public function checkPassword($uid, $password) {
+        return $this->handleRequest($uid, 'checkPassword', [$uid, $password]);
+    }
 
-	/**
-	 * returns the username for the given login name, if available
-	 *
-	 * @param string $loginName
-	 * @return string|false
-	 */
-	public function loginName2UserName($loginName) {
-		$id = 'LOGINNAME,' . $loginName;
-		return $this->handleRequest($id, 'loginName2UserName', [$loginName]);
-	}
+    /**
+     * returns the username for the given login name, if available
+     *
+     * @param string $loginName
+     * @return string|false
+     */
+    public function loginName2UserName($loginName) {
+        $id = 'LOGINNAME,' . $loginName;
+        return $this->handleRequest($id, 'loginName2UserName', [$loginName]);
+    }
 
-	/**
-	 * returns the username for the given LDAP DN, if available
-	 *
-	 * @param string $dn
-	 * @return string|false with the username
-	 */
-	public function dn2UserName($dn) {
-		$id = 'DN,' . $dn;
-		return $this->handleRequest($id, 'dn2UserName', [$dn]);
-	}
+    /**
+     * returns the username for the given LDAP DN, if available
+     *
+     * @param string $dn
+     * @return string|false with the username
+     */
+    public function dn2UserName($dn) {
+        $id = 'DN,' . $dn;
+        return $this->handleRequest($id, 'dn2UserName', [$dn]);
+    }
 
-	/**
-	 * get the user's home directory
-	 *
-	 * @param string $uid the username
-	 * @return boolean
-	 */
-	public function getHome($uid) {
-		return $this->handleRequest($uid, 'getHome', [$uid]);
-	}
+    /**
+     * get the user's home directory
+     *
+     * @param string $uid the username
+     * @return boolean
+     */
+    public function getHome($uid) {
+        return $this->handleRequest($uid, 'getHome', [$uid]);
+    }
 
-	/**
-	 * get display name of the user
-	 *
-	 * @param string $uid user ID of the user
-	 * @return string display name
-	 */
-	public function getDisplayName($uid) {
-		return $this->handleRequest($uid, 'getDisplayName', [$uid]);
-	}
+    /**
+     * get display name of the user
+     *
+     * @param string $uid user ID of the user
+     * @return string display name
+     */
+    public function getDisplayName($uid) {
+        return $this->handleRequest($uid, 'getDisplayName', [$uid]);
+    }
 
-	/**
-	 * set display name of the user
-	 *
-	 * @param string $uid user ID of the user
-	 * @param string $displayName new display name
-	 * @return string display name
-	 */
-	public function setDisplayName($uid, $displayName) {
-		return $this->handleRequest($uid, 'setDisplayName', [$uid, $displayName]);
-	}
+    /**
+     * set display name of the user
+     *
+     * @param string $uid user ID of the user
+     * @param string $displayName new display name
+     * @return string display name
+     */
+    public function setDisplayName($uid, $displayName) {
+        return $this->handleRequest($uid, 'setDisplayName', [$uid, $displayName]);
+    }
 
-	/**
-	 * checks whether the user is allowed to change his avatar in Nextcloud
-	 *
-	 * @param string $uid the Nextcloud user name
-	 * @return boolean either the user can or cannot
-	 */
-	public function canChangeAvatar($uid) {
-		return $this->handleRequest($uid, 'canChangeAvatar', [$uid], true);
-	}
+    /**
+     * checks whether the user is allowed to change his avatar in Nextcloud
+     *
+     * @param string $uid the Nextcloud user name
+     * @return boolean either the user can or cannot
+     */
+    public function canChangeAvatar($uid) {
+        return $this->handleRequest($uid, 'canChangeAvatar', [$uid], true);
+    }
 
-	/**
-	 * Get a list of all display names and user ids.
-	 *
-	 * @param string $search
-	 * @param int|null $limit
-	 * @param int|null $offset
-	 * @return array an array of all displayNames (value) and the corresponding uids (key)
-	 */
-	public function getDisplayNames($search = '', $limit = null, $offset = null) {
-		//we do it just as the /OC_User implementation: do not play around with limit and offset but ask all backends
-		$users = [];
-		foreach ($this->backends as $backend) {
-			$backendUsers = $backend->getDisplayNames($search, $limit, $offset);
-			if (is_array($backendUsers)) {
-				$users = $users + $backendUsers;
-			}
-		}
-		return $users;
-	}
+    /**
+     * Get a list of all display names and user ids.
+     *
+     * @param string $search
+     * @param int|null $limit
+     * @param int|null $offset
+     * @return array an array of all displayNames (value) and the corresponding uids (key)
+     */
+    public function getDisplayNames($search = '', $limit = null, $offset = null) {
+        //we do it just as the /OC_User implementation: do not play around with limit and offset but ask all backends
+        $users = [];
+        foreach ($this->backends as $backend) {
+            $backendUsers = $backend->getDisplayNames($search, $limit, $offset);
+            if (is_array($backendUsers)) {
+                $users = $users + $backendUsers;
+            }
+        }
+        return $users;
+    }
 
-	/**
-	 * delete a user
-	 *
-	 * @param string $uid The username of the user to delete
-	 * @return bool
-	 *
-	 * Deletes a user
-	 */
-	public function deleteUser($uid) {
-		return $this->handleRequest($uid, 'deleteUser', [$uid]);
-	}
+    /**
+     * delete a user
+     *
+     * @param string $uid The username of the user to delete
+     * @return bool
+     *
+     * Deletes a user
+     */
+    public function deleteUser($uid) {
+        return $this->handleRequest($uid, 'deleteUser', [$uid]);
+    }
 
-	/**
-	 * Set password
-	 *
-	 * @param string $uid The username
-	 * @param string $password The new password
-	 * @return bool
-	 *
-	 */
-	public function setPassword($uid, $password) {
-		return $this->handleRequest($uid, 'setPassword', [$uid, $password]);
-	}
+    /**
+     * Set password
+     *
+     * @param string $uid The username
+     * @param string $password The new password
+     * @return bool
+     *
+     */
+    public function setPassword($uid, $password) {
+        return $this->handleRequest($uid, 'setPassword', [$uid, $password]);
+    }
 
-	/**
-	 * @return bool
-	 */
-	public function hasUserListings() {
-		return $this->refBackend->hasUserListings();
-	}
+    /**
+     * @return bool
+     */
+    public function hasUserListings() {
+        return $this->refBackend->hasUserListings();
+    }
 
-	/**
-	 * Count the number of users
-	 *
-	 * @return int|bool
-	 */
-	public function countUsers() {
-		$users = false;
-		foreach ($this->backends as $backend) {
-			$backendUsers = $backend->countUsers();
-			if ($backendUsers !== false) {
-				$users += $backendUsers;
-			}
-		}
-		return $users;
-	}
+    /**
+     * Count the number of users
+     *
+     * @return int|bool
+     */
+    public function countUsers() {
+        $users = false;
+        foreach ($this->backends as $backend) {
+            $backendUsers = $backend->countUsers();
+            if ($backendUsers !== false) {
+                $users += $backendUsers;
+            }
+        }
+        return $users;
+    }
 
-	/**
-	 * Return access for LDAP interaction.
-	 *
-	 * @param string $uid
-	 * @return Access instance of Access for LDAP interaction
-	 */
-	public function getLDAPAccess($uid) {
-		return $this->handleRequest($uid, 'getLDAPAccess', [$uid]);
-	}
+    /**
+     * Return access for LDAP interaction.
+     *
+     * @param string $uid
+     * @return Access instance of Access for LDAP interaction
+     */
+    public function getLDAPAccess($uid) {
+        return $this->handleRequest($uid, 'getLDAPAccess', [$uid]);
+    }
 
-	/**
-	 * Return a new LDAP connection for the specified user.
-	 * The connection needs to be closed manually.
-	 *
-	 * @param string $uid
-	 * @return resource of the LDAP connection
-	 */
-	public function getNewLDAPConnection($uid) {
-		return $this->handleRequest($uid, 'getNewLDAPConnection', [$uid]);
-	}
+    /**
+     * Return a new LDAP connection for the specified user.
+     * The connection needs to be closed manually.
+     *
+     * @param string $uid
+     * @return resource of the LDAP connection
+     */
+    public function getNewLDAPConnection($uid) {
+        return $this->handleRequest($uid, 'getNewLDAPConnection', [$uid]);
+    }
 
-	/**
-	 * Creates a new user in LDAP
-	 *
-	 * @param $username
-	 * @param $password
-	 * @return bool
-	 */
-	public function createUser($username, $password) {
-		return $this->handleRequest($username, 'createUser', [$username, $password]);
-	}
+    /**
+     * Creates a new user in LDAP
+     *
+     * @param $username
+     * @param $password
+     * @return bool
+     */
+    public function createUser($username, $password) {
+        return $this->handleRequest($username, 'createUser', [$username, $password]);
+    }
 }

apps/user_ldap/lib/BackendUtility.php

Indentation +8 added lines, -8 removed lines

@@ -26,13 +26,13 @@
 namespace OCA\User_LDAP;
 
 abstract class BackendUtility {
-	protected $access;
+    protected $access;
 
-	/**
-	 * constructor, make sure the subclasses call this one!
-	 * @param Access $access an instance of Access for LDAP interaction
-	 */
-	public function __construct(Access $access) {
-		$this->access = $access;
-	}
+    /**
+     * constructor, make sure the subclasses call this one!
+     * @param Access $access an instance of Access for LDAP interaction
+     */
+    public function __construct(Access $access) {
+        $this->access = $access;
+    }
 }

apps/user_ldap/ajax/getNewServerConfigPrefix.php

Indentation +5 added lines, -5 removed lines

@@ -38,12 +38,12 @@
 
 $newConfig = new \OCA\User_LDAP\Configuration($nk, false);
 if (isset($_POST['copyConfig'])) {
-	$originalConfig = new \OCA\User_LDAP\Configuration($_POST['copyConfig']);
-	$newConfig->setConfiguration($originalConfig->getConfiguration());
+    $originalConfig = new \OCA\User_LDAP\Configuration($_POST['copyConfig']);
+    $newConfig->setConfiguration($originalConfig->getConfiguration());
 } else {
-	$configuration = new \OCA\User_LDAP\Configuration($nk, false);
-	$newConfig->setConfiguration($configuration->getDefaults());
-	$resultData['defaults'] = $configuration->getDefaults();
+    $configuration = new \OCA\User_LDAP\Configuration($nk, false);
+    $newConfig->setConfiguration($configuration->getDefaults());
+    $resultData['defaults'] = $configuration->getDefaults();
 }
 $newConfig->saveConfiguration();
 

Spacing +1 added lines, -1 removed lines

@@ -33,7 +33,7 @@
 $serverConnections = $helper->getServerConfigurationPrefixes();
 sort($serverConnections);
 $lk = array_pop($serverConnections);
-$ln = (int)str_replace('s', '', $lk);
+$ln = (int) str_replace('s', '', $lk);
 $nk = 's'.str_pad($ln + 1, 2, '0', STR_PAD_LEFT);
 
 $resultData = ['configPrefix' => $nk];

apps/encryption/lib/Util.php

Spacing +2 added lines, -2 removed lines

@@ -167,7 +167,7 @@ 
 	 * @return bool
 	 */
 	public function userHasFiles($uid) {
-		return $this->files->file_exists($uid . '/files');
+		return $this->files->file_exists($uid.'/files');
 	}
 
 	/**
@@ -183,7 +183,7 @@ 
 		if (count($parts) > 1) {
 			$owner = $parts[1];
 			if ($this->userManager->userExists($owner) === false) {
-				throw new \BadMethodCallException('Unknown user: ' .
+				throw new \BadMethodCallException('Unknown user: '.
 				'method expects path to a user folder relative to the data folder');
 			}
 		}

Indentation +160 added lines, -160 removed lines

@@ -36,164 +36,164 @@
 use OCP\PreConditionNotMetException;
 
 class Util {
-	/**
-	 * @var View
-	 */
-	private $files;
-	/**
-	 * @var Crypt
-	 */
-	private $crypt;
-	/**
-	 * @var ILogger
-	 */
-	private $logger;
-	/**
-	 * @var bool|IUser
-	 */
-	private $user;
-	/**
-	 * @var IConfig
-	 */
-	private $config;
-	/**
-	 * @var IUserManager
-	 */
-	private $userManager;
-
-	/**
-	 * Util constructor.
-	 *
-	 * @param View $files
-	 * @param Crypt $crypt
-	 * @param ILogger $logger
-	 * @param IUserSession $userSession
-	 * @param IConfig $config
-	 * @param IUserManager $userManager
-	 */
-	public function __construct(View $files,
-								Crypt $crypt,
-								ILogger $logger,
-								IUserSession $userSession,
-								IConfig $config,
-								IUserManager $userManager
-	) {
-		$this->files = $files;
-		$this->crypt = $crypt;
-		$this->logger = $logger;
-		$this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser() : false;
-		$this->config = $config;
-		$this->userManager = $userManager;
-	}
-
-	/**
-	 * check if recovery key is enabled for user
-	 *
-	 * @param string $uid
-	 * @return bool
-	 */
-	public function isRecoveryEnabledForUser($uid) {
-		$recoveryMode = $this->config->getUserValue($uid,
-			'encryption',
-			'recoveryEnabled',
-			'0');
-
-		return ($recoveryMode === '1');
-	}
-
-	/**
-	 * check if the home storage should be encrypted
-	 *
-	 * @return bool
-	 */
-	public function shouldEncryptHomeStorage() {
-		$encryptHomeStorage = $this->config->getAppValue(
-			'encryption',
-			'encryptHomeStorage',
-			'1'
-		);
-
-		return ($encryptHomeStorage === '1');
-	}
-
-	/**
-	 * set the home storage encryption on/off
-	 *
-	 * @param bool $encryptHomeStorage
-	 */
-	public function setEncryptHomeStorage($encryptHomeStorage) {
-		$value = $encryptHomeStorage ? '1' : '0';
-		$this->config->setAppValue(
-			'encryption',
-			'encryptHomeStorage',
-			$value
-		);
-	}
-
-	/**
-	 * check if master key is enabled
-	 *
-	 * @return bool
-	 */
-	public function isMasterKeyEnabled() {
-		$userMasterKey = $this->config->getAppValue('encryption', 'useMasterKey', '1');
-		return ($userMasterKey === '1');
-	}
-
-	/**
-	 * @param $enabled
-	 * @return bool
-	 */
-	public function setRecoveryForUser($enabled) {
-		$value = $enabled ? '1' : '0';
-
-		try {
-			$this->config->setUserValue($this->user->getUID(),
-				'encryption',
-				'recoveryEnabled',
-				$value);
-			return true;
-		} catch (PreConditionNotMetException $e) {
-			return false;
-		}
-	}
-
-	/**
-	 * @param string $uid
-	 * @return bool
-	 */
-	public function userHasFiles($uid) {
-		return $this->files->file_exists($uid . '/files');
-	}
-
-	/**
-	 * get owner from give path, path relative to data/ expected
-	 *
-	 * @param string $path relative to data/
-	 * @return string
-	 * @throws \BadMethodCallException
-	 */
-	public function getOwner($path) {
-		$owner = '';
-		$parts = explode('/', $path, 3);
-		if (count($parts) > 1) {
-			$owner = $parts[1];
-			if ($this->userManager->userExists($owner) === false) {
-				throw new \BadMethodCallException('Unknown user: ' .
-				'method expects path to a user folder relative to the data folder');
-			}
-		}
-
-		return $owner;
-	}
-
-	/**
-	 * get storage of path
-	 *
-	 * @param string $path
-	 * @return \OC\Files\Storage\Storage|null
-	 */
-	public function getStorage($path) {
-		return $this->files->getMount($path)->getStorage();
-	}
+    /**
+     * @var View
+     */
+    private $files;
+    /**
+     * @var Crypt
+     */
+    private $crypt;
+    /**
+     * @var ILogger
+     */
+    private $logger;
+    /**
+     * @var bool|IUser
+     */
+    private $user;
+    /**
+     * @var IConfig
+     */
+    private $config;
+    /**
+     * @var IUserManager
+     */
+    private $userManager;
+
+    /**
+     * Util constructor.
+     *
+     * @param View $files
+     * @param Crypt $crypt
+     * @param ILogger $logger
+     * @param IUserSession $userSession
+     * @param IConfig $config
+     * @param IUserManager $userManager
+     */
+    public function __construct(View $files,
+                                Crypt $crypt,
+                                ILogger $logger,
+                                IUserSession $userSession,
+                                IConfig $config,
+                                IUserManager $userManager
+    ) {
+        $this->files = $files;
+        $this->crypt = $crypt;
+        $this->logger = $logger;
+        $this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser() : false;
+        $this->config = $config;
+        $this->userManager = $userManager;
+    }
+
+    /**
+     * check if recovery key is enabled for user
+     *
+     * @param string $uid
+     * @return bool
+     */
+    public function isRecoveryEnabledForUser($uid) {
+        $recoveryMode = $this->config->getUserValue($uid,
+            'encryption',
+            'recoveryEnabled',
+            '0');
+
+        return ($recoveryMode === '1');
+    }
+
+    /**
+     * check if the home storage should be encrypted
+     *
+     * @return bool
+     */
+    public function shouldEncryptHomeStorage() {
+        $encryptHomeStorage = $this->config->getAppValue(
+            'encryption',
+            'encryptHomeStorage',
+            '1'
+        );
+
+        return ($encryptHomeStorage === '1');
+    }
+
+    /**
+     * set the home storage encryption on/off
+     *
+     * @param bool $encryptHomeStorage
+     */
+    public function setEncryptHomeStorage($encryptHomeStorage) {
+        $value = $encryptHomeStorage ? '1' : '0';
+        $this->config->setAppValue(
+            'encryption',
+            'encryptHomeStorage',
+            $value
+        );
+    }
+
+    /**
+     * check if master key is enabled
+     *
+     * @return bool
+     */
+    public function isMasterKeyEnabled() {
+        $userMasterKey = $this->config->getAppValue('encryption', 'useMasterKey', '1');
+        return ($userMasterKey === '1');
+    }
+
+    /**
+     * @param $enabled
+     * @return bool
+     */
+    public function setRecoveryForUser($enabled) {
+        $value = $enabled ? '1' : '0';
+
+        try {
+            $this->config->setUserValue($this->user->getUID(),
+                'encryption',
+                'recoveryEnabled',
+                $value);
+            return true;
+        } catch (PreConditionNotMetException $e) {
+            return false;
+        }
+    }
+
+    /**
+     * @param string $uid
+     * @return bool
+     */
+    public function userHasFiles($uid) {
+        return $this->files->file_exists($uid . '/files');
+    }
+
+    /**
+     * get owner from give path, path relative to data/ expected
+     *
+     * @param string $path relative to data/
+     * @return string
+     * @throws \BadMethodCallException
+     */
+    public function getOwner($path) {
+        $owner = '';
+        $parts = explode('/', $path, 3);
+        if (count($parts) > 1) {
+            $owner = $parts[1];
+            if ($this->userManager->userExists($owner) === false) {
+                throw new \BadMethodCallException('Unknown user: ' .
+                'method expects path to a user folder relative to the data folder');
+            }
+        }
+
+        return $owner;
+    }
+
+    /**
+     * get storage of path
+     *
+     * @param string $path
+     * @return \OC\Files\Storage\Storage|null
+     */
+    public function getStorage($path) {
+        return $this->files->getMount($path)->getStorage();
+    }
 }

apps/encryption/lib/Crypto/Encryption.php

Spacing +6 added lines, -6 removed lines

@@ -204,7 +204,7 @@ 
 		// always use the version from the original file, also part files
 		// need to have a correct version number if they get moved over to the
 		// final location
-		$this->version = (int)$this->keyManager->getVersion($this->stripPartFileExtension($path), new View());
+		$this->version = (int) $this->keyManager->getVersion($this->stripPartFileExtension($path), new View());
 
 		if (
 			$mode === 'w'
@@ -308,7 +308,7 @@ 
 		if ($this->writeCache) {
 
 			// Concat writeCache to start of $data
-			$data = $this->writeCache . $data;
+			$data = $this->writeCache.$data;
 
 			// Clear the write cache, ready for reuse - it has been
 			// flushed and its old contents processed
@@ -404,7 +404,7 @@ 
 					try {
 						$publicKeys[$user] = $this->keyManager->getPublicKey($user);
 					} catch (PublicKeyMissingException $e) {
-						$this->logger->warning('Could not encrypt file for ' . $user . ': ' . $e->getMessage());
+						$this->logger->warning('Could not encrypt file for '.$user.': '.$e->getMessage());
 					}
 				}
 			}
@@ -492,8 +492,8 @@ 
 				// error message because in this case it means that the file was
 				// shared with the user at a point where the user didn't had a
 				// valid private/public key
-				$msg = 'Encryption module "' . $this->getDisplayName() .
-					'" is not able to read ' . $path;
+				$msg = 'Encryption module "'.$this->getDisplayName().
+					'" is not able to read '.$path;
 				$hint = $this->l->t('Can not read this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
 				$this->logger->warning($msg);
 				throw new DecryptionFailedException($msg, $hint);
@@ -535,7 +535,7 @@ 
 		$realPath = $path;
 		$parts = explode('/', $path);
 		if ($parts[2] === 'files_versions') {
-			$realPath = '/' . $parts[1] . '/files/' . implode('/', array_slice($parts, 3));
+			$realPath = '/'.$parts[1].'/files/'.implode('/', array_slice($parts, 3));
 			$length = strrpos($realPath, '.');
 			$realPath = substr($realPath, 0, $length);
 		}

Indentation +549 added lines, -549 removed lines

@@ -46,553 +46,553 @@
 use Symfony\Component\Console\Output\OutputInterface;
 
 class Encryption implements IEncryptionModule {
-	public const ID = 'OC_DEFAULT_MODULE';
-	public const DISPLAY_NAME = 'Default encryption module';
-
-	/**
-	 * @var Crypt
-	 */
-	private $crypt;
-
-	/** @var string */
-	private $cipher;
-
-	/** @var string */
-	private $path;
-
-	/** @var string */
-	private $user;
-
-	/** @var  array */
-	private $owner;
-
-	/** @var string */
-	private $fileKey;
-
-	/** @var string */
-	private $writeCache;
-
-	/** @var KeyManager */
-	private $keyManager;
-
-	/** @var array */
-	private $accessList;
-
-	/** @var boolean */
-	private $isWriteOperation;
-
-	/** @var Util */
-	private $util;
-
-	/** @var  Session */
-	private $session;
-
-	/** @var  ILogger */
-	private $logger;
-
-	/** @var IL10N */
-	private $l;
-
-	/** @var EncryptAll */
-	private $encryptAll;
-
-	/** @var  bool */
-	private $useMasterPassword;
-
-	/** @var DecryptAll  */
-	private $decryptAll;
-
-	/** @var int unencrypted block size if block contains signature */
-	private $unencryptedBlockSizeSigned = 6072;
-
-	/** @var int unencrypted block size */
-	private $unencryptedBlockSize = 6126;
-
-	/** @var int Current version of the file */
-	private $version = 0;
-
-	/** @var array remember encryption signature version */
-	private static $rememberVersion = [];
-
-
-	/**
-	 *
-	 * @param Crypt $crypt
-	 * @param KeyManager $keyManager
-	 * @param Util $util
-	 * @param Session $session
-	 * @param EncryptAll $encryptAll
-	 * @param DecryptAll $decryptAll
-	 * @param ILogger $logger
-	 * @param IL10N $il10n
-	 */
-	public function __construct(Crypt $crypt,
-								KeyManager $keyManager,
-								Util $util,
-								Session $session,
-								EncryptAll $encryptAll,
-								DecryptAll $decryptAll,
-								ILogger $logger,
-								IL10N $il10n) {
-		$this->crypt = $crypt;
-		$this->keyManager = $keyManager;
-		$this->util = $util;
-		$this->session = $session;
-		$this->encryptAll = $encryptAll;
-		$this->decryptAll = $decryptAll;
-		$this->logger = $logger;
-		$this->l = $il10n;
-		$this->owner = [];
-		$this->useMasterPassword = $util->isMasterKeyEnabled();
-	}
-
-	/**
-	 * @return string defining the technical unique id
-	 */
-	public function getId() {
-		return self::ID;
-	}
-
-	/**
-	 * In comparison to getKey() this function returns a human readable (maybe translated) name
-	 *
-	 * @return string
-	 */
-	public function getDisplayName() {
-		return self::DISPLAY_NAME;
-	}
-
-	/**
-	 * start receiving chunks from a file. This is the place where you can
-	 * perform some initial step before starting encrypting/decrypting the
-	 * chunks
-	 *
-	 * @param string $path to the file
-	 * @param string $user who read/write the file
-	 * @param string $mode php stream open mode
-	 * @param array $header contains the header data read from the file
-	 * @param array $accessList who has access to the file contains the key 'users' and 'public'
-	 *
-	 * @return array $header contain data as key-value pairs which should be
-	 *                       written to the header, in case of a write operation
-	 *                       or if no additional data is needed return a empty array
-	 */
-	public function begin($path, $user, $mode, array $header, array $accessList) {
-		$this->path = $this->getPathToRealFile($path);
-		$this->accessList = $accessList;
-		$this->user = $user;
-		$this->isWriteOperation = false;
-		$this->writeCache = '';
-
-		if ($this->session->isReady() === false) {
-			// if the master key is enabled we can initialize encryption
-			// with a empty password and user name
-			if ($this->util->isMasterKeyEnabled()) {
-				$this->keyManager->init('', '');
-			}
-		}
-
-		if ($this->session->decryptAllModeActivated()) {
-			$encryptedFileKey = $this->keyManager->getEncryptedFileKey($this->path);
-			$shareKey = $this->keyManager->getShareKey($this->path, $this->session->getDecryptAllUid());
-			$this->fileKey = $this->crypt->multiKeyDecrypt($encryptedFileKey,
-				$shareKey,
-				$this->session->getDecryptAllKey());
-		} else {
-			$this->fileKey = $this->keyManager->getFileKey($this->path, $this->user);
-		}
-
-		// always use the version from the original file, also part files
-		// need to have a correct version number if they get moved over to the
-		// final location
-		$this->version = (int)$this->keyManager->getVersion($this->stripPartFileExtension($path), new View());
-
-		if (
-			$mode === 'w'
-			|| $mode === 'w+'
-			|| $mode === 'wb'
-			|| $mode === 'wb+'
-		) {
-			$this->isWriteOperation = true;
-			if (empty($this->fileKey)) {
-				$this->fileKey = $this->crypt->generateFileKey();
-			}
-		} else {
-			// if we read a part file we need to increase the version by 1
-			// because the version number was also increased by writing
-			// the part file
-			if (Scanner::isPartialFile($path)) {
-				$this->version = $this->version + 1;
-			}
-		}
-
-		if ($this->isWriteOperation) {
-			$this->cipher = $this->crypt->getCipher();
-		} elseif (isset($header['cipher'])) {
-			$this->cipher = $header['cipher'];
-		} else {
-			// if we read a file without a header we fall-back to the legacy cipher
-			// which was used in <=oC6
-			$this->cipher = $this->crypt->getLegacyCipher();
-		}
-
-		return ['cipher' => $this->cipher, 'signed' => 'true'];
-	}
-
-	/**
-	 * last chunk received. This is the place where you can perform some final
-	 * operation and return some remaining data if something is left in your
-	 * buffer.
-	 *
-	 * @param string $path to the file
-	 * @param int $position
-	 * @return string remained data which should be written to the file in case
-	 *                of a write operation
-	 * @throws PublicKeyMissingException
-	 * @throws \Exception
-	 * @throws \OCA\Encryption\Exceptions\MultiKeyEncryptException
-	 */
-	public function end($path, $position = 0) {
-		$result = '';
-		if ($this->isWriteOperation) {
-			// in case of a part file we remember the new signature versions
-			// the version will be set later on update.
-			// This way we make sure that other apps listening to the pre-hooks
-			// still get the old version which should be the correct value for them
-			if (Scanner::isPartialFile($path)) {
-				self::$rememberVersion[$this->stripPartFileExtension($path)] = $this->version + 1;
-			}
-			if (!empty($this->writeCache)) {
-				$result = $this->crypt->symmetricEncryptFileContent($this->writeCache, $this->fileKey, $this->version + 1, $position);
-				$this->writeCache = '';
-			}
-			$publicKeys = [];
-			if ($this->useMasterPassword === true) {
-				$publicKeys[$this->keyManager->getMasterKeyId()] = $this->keyManager->getPublicMasterKey();
-			} else {
-				foreach ($this->accessList['users'] as $uid) {
-					try {
-						$publicKeys[$uid] = $this->keyManager->getPublicKey($uid);
-					} catch (PublicKeyMissingException $e) {
-						$this->logger->warning(
-							'no public key found for user "{uid}", user will not be able to read the file',
-							['app' => 'encryption', 'uid' => $uid]
-						);
-						// if the public key of the owner is missing we should fail
-						if ($uid === $this->user) {
-							throw $e;
-						}
-					}
-				}
-			}
-
-			$publicKeys = $this->keyManager->addSystemKeys($this->accessList, $publicKeys, $this->getOwner($path));
-			$encryptedKeyfiles = $this->crypt->multiKeyEncrypt($this->fileKey, $publicKeys);
-			$this->keyManager->setAllFileKeys($this->path, $encryptedKeyfiles);
-		}
-		return $result;
-	}
-
-
-
-	/**
-	 * encrypt data
-	 *
-	 * @param string $data you want to encrypt
-	 * @param int $position
-	 * @return string encrypted data
-	 */
-	public function encrypt($data, $position = 0) {
-		// If extra data is left over from the last round, make sure it
-		// is integrated into the next block
-		if ($this->writeCache) {
-
-			// Concat writeCache to start of $data
-			$data = $this->writeCache . $data;
-
-			// Clear the write cache, ready for reuse - it has been
-			// flushed and its old contents processed
-			$this->writeCache = '';
-		}
-
-		$encrypted = '';
-		// While there still remains some data to be processed & written
-		while (strlen($data) > 0) {
-
-			// Remaining length for this iteration, not of the
-			// entire file (may be greater than 8192 bytes)
-			$remainingLength = strlen($data);
-
-			// If data remaining to be written is less than the
-			// size of 1 6126 byte block
-			if ($remainingLength < $this->unencryptedBlockSizeSigned) {
-
-				// Set writeCache to contents of $data
-				// The writeCache will be carried over to the
-				// next write round, and added to the start of
-				// $data to ensure that written blocks are
-				// always the correct length. If there is still
-				// data in writeCache after the writing round
-				// has finished, then the data will be written
-				// to disk by $this->flush().
-				$this->writeCache = $data;
-
-				// Clear $data ready for next round
-				$data = '';
-			} else {
-
-				// Read the chunk from the start of $data
-				$chunk = substr($data, 0, $this->unencryptedBlockSizeSigned);
-
-				$encrypted .= $this->crypt->symmetricEncryptFileContent($chunk, $this->fileKey, $this->version + 1, $position);
-
-				// Remove the chunk we just processed from
-				// $data, leaving only unprocessed data in $data
-				// var, for handling on the next round
-				$data = substr($data, $this->unencryptedBlockSizeSigned);
-			}
-		}
-
-		return $encrypted;
-	}
-
-	/**
-	 * decrypt data
-	 *
-	 * @param string $data you want to decrypt
-	 * @param int|string $position
-	 * @return string decrypted data
-	 * @throws DecryptionFailedException
-	 */
-	public function decrypt($data, $position = 0) {
-		if (empty($this->fileKey)) {
-			$msg = 'Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.';
-			$hint = $this->l->t('Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
-			$this->logger->error($msg);
-
-			throw new DecryptionFailedException($msg, $hint);
-		}
-
-		return $this->crypt->symmetricDecryptFileContent($data, $this->fileKey, $this->cipher, $this->version, $position);
-	}
-
-	/**
-	 * update encrypted file, e.g. give additional users access to the file
-	 *
-	 * @param string $path path to the file which should be updated
-	 * @param string $uid of the user who performs the operation
-	 * @param array $accessList who has access to the file contains the key 'users' and 'public'
-	 * @return boolean
-	 */
-	public function update($path, $uid, array $accessList) {
-		if (empty($accessList)) {
-			if (isset(self::$rememberVersion[$path])) {
-				$this->keyManager->setVersion($path, self::$rememberVersion[$path], new View());
-				unset(self::$rememberVersion[$path]);
-			}
-			return;
-		}
-
-		$fileKey = $this->keyManager->getFileKey($path, $uid);
-
-		if (!empty($fileKey)) {
-			$publicKeys = [];
-			if ($this->useMasterPassword === true) {
-				$publicKeys[$this->keyManager->getMasterKeyId()] = $this->keyManager->getPublicMasterKey();
-			} else {
-				foreach ($accessList['users'] as $user) {
-					try {
-						$publicKeys[$user] = $this->keyManager->getPublicKey($user);
-					} catch (PublicKeyMissingException $e) {
-						$this->logger->warning('Could not encrypt file for ' . $user . ': ' . $e->getMessage());
-					}
-				}
-			}
-
-			$publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $this->getOwner($path));
-
-			$encryptedFileKey = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
-
-			$this->keyManager->deleteAllFileKeys($path);
-
-			$this->keyManager->setAllFileKeys($path, $encryptedFileKey);
-		} else {
-			$this->logger->debug('no file key found, we assume that the file "{file}" is not encrypted',
-				['file' => $path, 'app' => 'encryption']);
-
-			return false;
-		}
-
-		return true;
-	}
-
-	/**
-	 * should the file be encrypted or not
-	 *
-	 * @param string $path
-	 * @return boolean
-	 */
-	public function shouldEncrypt($path) {
-		if ($this->util->shouldEncryptHomeStorage() === false) {
-			$storage = $this->util->getStorage($path);
-			if ($storage && $storage->instanceOfStorage('\OCP\Files\IHomeStorage')) {
-				return false;
-			}
-		}
-		$parts = explode('/', $path);
-		if (count($parts) < 4) {
-			return false;
-		}
-
-		if ($parts[2] === 'files') {
-			return true;
-		}
-		if ($parts[2] === 'files_versions') {
-			return true;
-		}
-		if ($parts[2] === 'files_trashbin') {
-			return true;
-		}
-
-		return false;
-	}
-
-	/**
-	 * get size of the unencrypted payload per block.
-	 * Nextcloud read/write files with a block size of 8192 byte
-	 *
-	 * @param bool $signed
-	 * @return int
-	 */
-	public function getUnencryptedBlockSize($signed = false) {
-		if ($signed === false) {
-			return $this->unencryptedBlockSize;
-		}
-
-		return $this->unencryptedBlockSizeSigned;
-	}
-
-	/**
-	 * check if the encryption module is able to read the file,
-	 * e.g. if all encryption keys exists
-	 *
-	 * @param string $path
-	 * @param string $uid user for whom we want to check if he can read the file
-	 * @return bool
-	 * @throws DecryptionFailedException
-	 */
-	public function isReadable($path, $uid) {
-		$fileKey = $this->keyManager->getFileKey($path, $uid);
-		if (empty($fileKey)) {
-			$owner = $this->util->getOwner($path);
-			if ($owner !== $uid) {
-				// if it is a shared file we throw a exception with a useful
-				// error message because in this case it means that the file was
-				// shared with the user at a point where the user didn't had a
-				// valid private/public key
-				$msg = 'Encryption module "' . $this->getDisplayName() .
-					'" is not able to read ' . $path;
-				$hint = $this->l->t('Can not read this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
-				$this->logger->warning($msg);
-				throw new DecryptionFailedException($msg, $hint);
-			}
-			return false;
-		}
-
-		return true;
-	}
-
-	/**
-	 * Initial encryption of all files
-	 *
-	 * @param InputInterface $input
-	 * @param OutputInterface $output write some status information to the terminal during encryption
-	 */
-	public function encryptAll(InputInterface $input, OutputInterface $output) {
-		$this->encryptAll->encryptAll($input, $output);
-	}
-
-	/**
-	 * prepare module to perform decrypt all operation
-	 *
-	 * @param InputInterface $input
-	 * @param OutputInterface $output
-	 * @param string $user
-	 * @return bool
-	 */
-	public function prepareDecryptAll(InputInterface $input, OutputInterface $output, $user = '') {
-		return $this->decryptAll->prepare($input, $output, $user);
-	}
-
-
-	/**
-	 * @param string $path
-	 * @return string
-	 */
-	protected function getPathToRealFile($path) {
-		$realPath = $path;
-		$parts = explode('/', $path);
-		if ($parts[2] === 'files_versions') {
-			$realPath = '/' . $parts[1] . '/files/' . implode('/', array_slice($parts, 3));
-			$length = strrpos($realPath, '.');
-			$realPath = substr($realPath, 0, $length);
-		}
-
-		return $realPath;
-	}
-
-	/**
-	 * remove .part file extension and the ocTransferId from the file to get the
-	 * original file name
-	 *
-	 * @param string $path
-	 * @return string
-	 */
-	protected function stripPartFileExtension($path) {
-		if (pathinfo($path, PATHINFO_EXTENSION) === 'part') {
-			$pos = strrpos($path, '.', -6);
-			$path = substr($path, 0, $pos);
-		}
-
-		return $path;
-	}
-
-	/**
-	 * get owner of a file
-	 *
-	 * @param string $path
-	 * @return string
-	 */
-	protected function getOwner($path) {
-		if (!isset($this->owner[$path])) {
-			$this->owner[$path] = $this->util->getOwner($path);
-		}
-		return $this->owner[$path];
-	}
-
-	/**
-	 * Check if the module is ready to be used by that specific user.
-	 * In case a module is not ready - because e.g. key pairs have not been generated
-	 * upon login this method can return false before any operation starts and might
-	 * cause issues during operations.
-	 *
-	 * @param string $user
-	 * @return boolean
-	 * @since 9.1.0
-	 */
-	public function isReadyForUser($user) {
-		if ($this->util->isMasterKeyEnabled()) {
-			return true;
-		}
-		return $this->keyManager->userHasKeys($user);
-	}
-
-	/**
-	 * We only need a detailed access list if the master key is not enabled
-	 *
-	 * @return bool
-	 */
-	public function needDetailedAccessList() {
-		return !$this->util->isMasterKeyEnabled();
-	}
+    public const ID = 'OC_DEFAULT_MODULE';
+    public const DISPLAY_NAME = 'Default encryption module';
+
+    /**
+     * @var Crypt
+     */
+    private $crypt;
+
+    /** @var string */
+    private $cipher;
+
+    /** @var string */
+    private $path;
+
+    /** @var string */
+    private $user;
+
+    /** @var  array */
+    private $owner;
+
+    /** @var string */
+    private $fileKey;
+
+    /** @var string */
+    private $writeCache;
+
+    /** @var KeyManager */
+    private $keyManager;
+
+    /** @var array */
+    private $accessList;
+
+    /** @var boolean */
+    private $isWriteOperation;
+
+    /** @var Util */
+    private $util;
+
+    /** @var  Session */
+    private $session;
+
+    /** @var  ILogger */
+    private $logger;
+
+    /** @var IL10N */
+    private $l;
+
+    /** @var EncryptAll */
+    private $encryptAll;
+
+    /** @var  bool */
+    private $useMasterPassword;
+
+    /** @var DecryptAll  */
+    private $decryptAll;
+
+    /** @var int unencrypted block size if block contains signature */
+    private $unencryptedBlockSizeSigned = 6072;
+
+    /** @var int unencrypted block size */
+    private $unencryptedBlockSize = 6126;
+
+    /** @var int Current version of the file */
+    private $version = 0;
+
+    /** @var array remember encryption signature version */
+    private static $rememberVersion = [];
+
+
+    /**
+     *
+     * @param Crypt $crypt
+     * @param KeyManager $keyManager
+     * @param Util $util
+     * @param Session $session
+     * @param EncryptAll $encryptAll
+     * @param DecryptAll $decryptAll
+     * @param ILogger $logger
+     * @param IL10N $il10n
+     */
+    public function __construct(Crypt $crypt,
+                                KeyManager $keyManager,
+                                Util $util,
+                                Session $session,
+                                EncryptAll $encryptAll,
+                                DecryptAll $decryptAll,
+                                ILogger $logger,
+                                IL10N $il10n) {
+        $this->crypt = $crypt;
+        $this->keyManager = $keyManager;
+        $this->util = $util;
+        $this->session = $session;
+        $this->encryptAll = $encryptAll;
+        $this->decryptAll = $decryptAll;
+        $this->logger = $logger;
+        $this->l = $il10n;
+        $this->owner = [];
+        $this->useMasterPassword = $util->isMasterKeyEnabled();
+    }
+
+    /**
+     * @return string defining the technical unique id
+     */
+    public function getId() {
+        return self::ID;
+    }
+
+    /**
+     * In comparison to getKey() this function returns a human readable (maybe translated) name
+     *
+     * @return string
+     */
+    public function getDisplayName() {
+        return self::DISPLAY_NAME;
+    }
+
+    /**
+     * start receiving chunks from a file. This is the place where you can
+     * perform some initial step before starting encrypting/decrypting the
+     * chunks
+     *
+     * @param string $path to the file
+     * @param string $user who read/write the file
+     * @param string $mode php stream open mode
+     * @param array $header contains the header data read from the file
+     * @param array $accessList who has access to the file contains the key 'users' and 'public'
+     *
+     * @return array $header contain data as key-value pairs which should be
+     *                       written to the header, in case of a write operation
+     *                       or if no additional data is needed return a empty array
+     */
+    public function begin($path, $user, $mode, array $header, array $accessList) {
+        $this->path = $this->getPathToRealFile($path);
+        $this->accessList = $accessList;
+        $this->user = $user;
+        $this->isWriteOperation = false;
+        $this->writeCache = '';
+
+        if ($this->session->isReady() === false) {
+            // if the master key is enabled we can initialize encryption
+            // with a empty password and user name
+            if ($this->util->isMasterKeyEnabled()) {
+                $this->keyManager->init('', '');
+            }
+        }
+
+        if ($this->session->decryptAllModeActivated()) {
+            $encryptedFileKey = $this->keyManager->getEncryptedFileKey($this->path);
+            $shareKey = $this->keyManager->getShareKey($this->path, $this->session->getDecryptAllUid());
+            $this->fileKey = $this->crypt->multiKeyDecrypt($encryptedFileKey,
+                $shareKey,
+                $this->session->getDecryptAllKey());
+        } else {
+            $this->fileKey = $this->keyManager->getFileKey($this->path, $this->user);
+        }
+
+        // always use the version from the original file, also part files
+        // need to have a correct version number if they get moved over to the
+        // final location
+        $this->version = (int)$this->keyManager->getVersion($this->stripPartFileExtension($path), new View());
+
+        if (
+            $mode === 'w'
+            || $mode === 'w+'
+            || $mode === 'wb'
+            || $mode === 'wb+'
+        ) {
+            $this->isWriteOperation = true;
+            if (empty($this->fileKey)) {
+                $this->fileKey = $this->crypt->generateFileKey();
+            }
+        } else {
+            // if we read a part file we need to increase the version by 1
+            // because the version number was also increased by writing
+            // the part file
+            if (Scanner::isPartialFile($path)) {
+                $this->version = $this->version + 1;
+            }
+        }
+
+        if ($this->isWriteOperation) {
+            $this->cipher = $this->crypt->getCipher();
+        } elseif (isset($header['cipher'])) {
+            $this->cipher = $header['cipher'];
+        } else {
+            // if we read a file without a header we fall-back to the legacy cipher
+            // which was used in <=oC6
+            $this->cipher = $this->crypt->getLegacyCipher();
+        }
+
+        return ['cipher' => $this->cipher, 'signed' => 'true'];
+    }
+
+    /**
+     * last chunk received. This is the place where you can perform some final
+     * operation and return some remaining data if something is left in your
+     * buffer.
+     *
+     * @param string $path to the file
+     * @param int $position
+     * @return string remained data which should be written to the file in case
+     *                of a write operation
+     * @throws PublicKeyMissingException
+     * @throws \Exception
+     * @throws \OCA\Encryption\Exceptions\MultiKeyEncryptException
+     */
+    public function end($path, $position = 0) {
+        $result = '';
+        if ($this->isWriteOperation) {
+            // in case of a part file we remember the new signature versions
+            // the version will be set later on update.
+            // This way we make sure that other apps listening to the pre-hooks
+            // still get the old version which should be the correct value for them
+            if (Scanner::isPartialFile($path)) {
+                self::$rememberVersion[$this->stripPartFileExtension($path)] = $this->version + 1;
+            }
+            if (!empty($this->writeCache)) {
+                $result = $this->crypt->symmetricEncryptFileContent($this->writeCache, $this->fileKey, $this->version + 1, $position);
+                $this->writeCache = '';
+            }
+            $publicKeys = [];
+            if ($this->useMasterPassword === true) {
+                $publicKeys[$this->keyManager->getMasterKeyId()] = $this->keyManager->getPublicMasterKey();
+            } else {
+                foreach ($this->accessList['users'] as $uid) {
+                    try {
+                        $publicKeys[$uid] = $this->keyManager->getPublicKey($uid);
+                    } catch (PublicKeyMissingException $e) {
+                        $this->logger->warning(
+                            'no public key found for user "{uid}", user will not be able to read the file',
+                            ['app' => 'encryption', 'uid' => $uid]
+                        );
+                        // if the public key of the owner is missing we should fail
+                        if ($uid === $this->user) {
+                            throw $e;
+                        }
+                    }
+                }
+            }
+
+            $publicKeys = $this->keyManager->addSystemKeys($this->accessList, $publicKeys, $this->getOwner($path));
+            $encryptedKeyfiles = $this->crypt->multiKeyEncrypt($this->fileKey, $publicKeys);
+            $this->keyManager->setAllFileKeys($this->path, $encryptedKeyfiles);
+        }
+        return $result;
+    }
+
+
+
+    /**
+     * encrypt data
+     *
+     * @param string $data you want to encrypt
+     * @param int $position
+     * @return string encrypted data
+     */
+    public function encrypt($data, $position = 0) {
+        // If extra data is left over from the last round, make sure it
+        // is integrated into the next block
+        if ($this->writeCache) {
+
+            // Concat writeCache to start of $data
+            $data = $this->writeCache . $data;
+
+            // Clear the write cache, ready for reuse - it has been
+            // flushed and its old contents processed
+            $this->writeCache = '';
+        }
+
+        $encrypted = '';
+        // While there still remains some data to be processed & written
+        while (strlen($data) > 0) {
+
+            // Remaining length for this iteration, not of the
+            // entire file (may be greater than 8192 bytes)
+            $remainingLength = strlen($data);
+
+            // If data remaining to be written is less than the
+            // size of 1 6126 byte block
+            if ($remainingLength < $this->unencryptedBlockSizeSigned) {
+
+                // Set writeCache to contents of $data
+                // The writeCache will be carried over to the
+                // next write round, and added to the start of
+                // $data to ensure that written blocks are
+                // always the correct length. If there is still
+                // data in writeCache after the writing round
+                // has finished, then the data will be written
+                // to disk by $this->flush().
+                $this->writeCache = $data;
+
+                // Clear $data ready for next round
+                $data = '';
+            } else {
+
+                // Read the chunk from the start of $data
+                $chunk = substr($data, 0, $this->unencryptedBlockSizeSigned);
+
+                $encrypted .= $this->crypt->symmetricEncryptFileContent($chunk, $this->fileKey, $this->version + 1, $position);
+
+                // Remove the chunk we just processed from
+                // $data, leaving only unprocessed data in $data
+                // var, for handling on the next round
+                $data = substr($data, $this->unencryptedBlockSizeSigned);
+            }
+        }
+
+        return $encrypted;
+    }
+
+    /**
+     * decrypt data
+     *
+     * @param string $data you want to decrypt
+     * @param int|string $position
+     * @return string decrypted data
+     * @throws DecryptionFailedException
+     */
+    public function decrypt($data, $position = 0) {
+        if (empty($this->fileKey)) {
+            $msg = 'Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.';
+            $hint = $this->l->t('Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
+            $this->logger->error($msg);
+
+            throw new DecryptionFailedException($msg, $hint);
+        }
+
+        return $this->crypt->symmetricDecryptFileContent($data, $this->fileKey, $this->cipher, $this->version, $position);
+    }
+
+    /**
+     * update encrypted file, e.g. give additional users access to the file
+     *
+     * @param string $path path to the file which should be updated
+     * @param string $uid of the user who performs the operation
+     * @param array $accessList who has access to the file contains the key 'users' and 'public'
+     * @return boolean
+     */
+    public function update($path, $uid, array $accessList) {
+        if (empty($accessList)) {
+            if (isset(self::$rememberVersion[$path])) {
+                $this->keyManager->setVersion($path, self::$rememberVersion[$path], new View());
+                unset(self::$rememberVersion[$path]);
+            }
+            return;
+        }
+
+        $fileKey = $this->keyManager->getFileKey($path, $uid);
+
+        if (!empty($fileKey)) {
+            $publicKeys = [];
+            if ($this->useMasterPassword === true) {
+                $publicKeys[$this->keyManager->getMasterKeyId()] = $this->keyManager->getPublicMasterKey();
+            } else {
+                foreach ($accessList['users'] as $user) {
+                    try {
+                        $publicKeys[$user] = $this->keyManager->getPublicKey($user);
+                    } catch (PublicKeyMissingException $e) {
+                        $this->logger->warning('Could not encrypt file for ' . $user . ': ' . $e->getMessage());
+                    }
+                }
+            }
+
+            $publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $this->getOwner($path));
+
+            $encryptedFileKey = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
+
+            $this->keyManager->deleteAllFileKeys($path);
+
+            $this->keyManager->setAllFileKeys($path, $encryptedFileKey);
+        } else {
+            $this->logger->debug('no file key found, we assume that the file "{file}" is not encrypted',
+                ['file' => $path, 'app' => 'encryption']);
+
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * should the file be encrypted or not
+     *
+     * @param string $path
+     * @return boolean
+     */
+    public function shouldEncrypt($path) {
+        if ($this->util->shouldEncryptHomeStorage() === false) {
+            $storage = $this->util->getStorage($path);
+            if ($storage && $storage->instanceOfStorage('\OCP\Files\IHomeStorage')) {
+                return false;
+            }
+        }
+        $parts = explode('/', $path);
+        if (count($parts) < 4) {
+            return false;
+        }
+
+        if ($parts[2] === 'files') {
+            return true;
+        }
+        if ($parts[2] === 'files_versions') {
+            return true;
+        }
+        if ($parts[2] === 'files_trashbin') {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * get size of the unencrypted payload per block.
+     * Nextcloud read/write files with a block size of 8192 byte
+     *
+     * @param bool $signed
+     * @return int
+     */
+    public function getUnencryptedBlockSize($signed = false) {
+        if ($signed === false) {
+            return $this->unencryptedBlockSize;
+        }
+
+        return $this->unencryptedBlockSizeSigned;
+    }
+
+    /**
+     * check if the encryption module is able to read the file,
+     * e.g. if all encryption keys exists
+     *
+     * @param string $path
+     * @param string $uid user for whom we want to check if he can read the file
+     * @return bool
+     * @throws DecryptionFailedException
+     */
+    public function isReadable($path, $uid) {
+        $fileKey = $this->keyManager->getFileKey($path, $uid);
+        if (empty($fileKey)) {
+            $owner = $this->util->getOwner($path);
+            if ($owner !== $uid) {
+                // if it is a shared file we throw a exception with a useful
+                // error message because in this case it means that the file was
+                // shared with the user at a point where the user didn't had a
+                // valid private/public key
+                $msg = 'Encryption module "' . $this->getDisplayName() .
+                    '" is not able to read ' . $path;
+                $hint = $this->l->t('Can not read this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
+                $this->logger->warning($msg);
+                throw new DecryptionFailedException($msg, $hint);
+            }
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Initial encryption of all files
+     *
+     * @param InputInterface $input
+     * @param OutputInterface $output write some status information to the terminal during encryption
+     */
+    public function encryptAll(InputInterface $input, OutputInterface $output) {
+        $this->encryptAll->encryptAll($input, $output);
+    }
+
+    /**
+     * prepare module to perform decrypt all operation
+     *
+     * @param InputInterface $input
+     * @param OutputInterface $output
+     * @param string $user
+     * @return bool
+     */
+    public function prepareDecryptAll(InputInterface $input, OutputInterface $output, $user = '') {
+        return $this->decryptAll->prepare($input, $output, $user);
+    }
+
+
+    /**
+     * @param string $path
+     * @return string
+     */
+    protected function getPathToRealFile($path) {
+        $realPath = $path;
+        $parts = explode('/', $path);
+        if ($parts[2] === 'files_versions') {
+            $realPath = '/' . $parts[1] . '/files/' . implode('/', array_slice($parts, 3));
+            $length = strrpos($realPath, '.');
+            $realPath = substr($realPath, 0, $length);
+        }
+
+        return $realPath;
+    }
+
+    /**
+     * remove .part file extension and the ocTransferId from the file to get the
+     * original file name
+     *
+     * @param string $path
+     * @return string
+     */
+    protected function stripPartFileExtension($path) {
+        if (pathinfo($path, PATHINFO_EXTENSION) === 'part') {
+            $pos = strrpos($path, '.', -6);
+            $path = substr($path, 0, $pos);
+        }
+
+        return $path;
+    }
+
+    /**
+     * get owner of a file
+     *
+     * @param string $path
+     * @return string
+     */
+    protected function getOwner($path) {
+        if (!isset($this->owner[$path])) {
+            $this->owner[$path] = $this->util->getOwner($path);
+        }
+        return $this->owner[$path];
+    }
+
+    /**
+     * Check if the module is ready to be used by that specific user.
+     * In case a module is not ready - because e.g. key pairs have not been generated
+     * upon login this method can return false before any operation starts and might
+     * cause issues during operations.
+     *
+     * @param string $user
+     * @return boolean
+     * @since 9.1.0
+     */
+    public function isReadyForUser($user) {
+        if ($this->util->isMasterKeyEnabled()) {
+            return true;
+        }
+        return $this->keyManager->userHasKeys($user);
+    }
+
+    /**
+     * We only need a detailed access list if the master key is not enabled
+     *
+     * @return bool
+     */
+    public function needDetailedAccessList() {
+        return !$this->util->isMasterKeyEnabled();
+    }
 }

apps/encryption/lib/Crypto/DecryptAll.php

Indentation +122 added lines, -122 removed lines

@@ -34,126 +34,126 @@
 
 class DecryptAll {
 
-	/** @var Util  */
-	protected $util;
-
-	/** @var QuestionHelper  */
-	protected $questionHelper;
-
-	/** @var  Crypt */
-	protected $crypt;
-
-	/** @var  KeyManager */
-	protected $keyManager;
-
-	/** @var Session  */
-	protected $session;
-
-	/**
-	 * @param Util $util
-	 * @param KeyManager $keyManager
-	 * @param Crypt $crypt
-	 * @param Session $session
-	 * @param QuestionHelper $questionHelper
-	 */
-	public function __construct(
-		Util $util,
-		KeyManager $keyManager,
-		Crypt $crypt,
-		Session $session,
-		QuestionHelper $questionHelper
-	) {
-		$this->util = $util;
-		$this->keyManager = $keyManager;
-		$this->crypt = $crypt;
-		$this->session = $session;
-		$this->questionHelper = $questionHelper;
-	}
-
-	/**
-	 * prepare encryption module to decrypt all files
-	 *
-	 * @param InputInterface $input
-	 * @param OutputInterface $output
-	 * @param $user
-	 * @return bool
-	 */
-	public function prepare(InputInterface $input, OutputInterface $output, $user) {
-		$question = new Question('Please enter the recovery key password: ');
-
-		if ($this->util->isMasterKeyEnabled()) {
-			$output->writeln('Use master key to decrypt all files');
-			$user = $this->keyManager->getMasterKeyId();
-			$password = $this->keyManager->getMasterKeyPassword();
-		} else {
-			$recoveryKeyId = $this->keyManager->getRecoveryKeyId();
-			if (!empty($user)) {
-				$output->writeln('You can only decrypt the users files if you know');
-				$output->writeln('the users password or if he activated the recovery key.');
-				$output->writeln('');
-				$questionUseLoginPassword = new ConfirmationQuestion(
-					'Do you want to use the users login password to decrypt all files? (y/n) ',
-					false
-				);
-				$useLoginPassword = $this->questionHelper->ask($input, $output, $questionUseLoginPassword);
-				if ($useLoginPassword) {
-					$question = new Question('Please enter the user\'s login password: ');
-				} elseif ($this->util->isRecoveryEnabledForUser($user) === false) {
-					$output->writeln('No recovery key available for user ' . $user);
-					return false;
-				} else {
-					$user = $recoveryKeyId;
-				}
-			} else {
-				$output->writeln('You can only decrypt the files of all users if the');
-				$output->writeln('recovery key is enabled by the admin and activated by the users.');
-				$output->writeln('');
-				$user = $recoveryKeyId;
-			}
-
-			$question->setHidden(true);
-			$question->setHiddenFallback(false);
-			$password = $this->questionHelper->ask($input, $output, $question);
-		}
-
-		$privateKey = $this->getPrivateKey($user, $password);
-		if ($privateKey !== false) {
-			$this->updateSession($user, $privateKey);
-			return true;
-		} else {
-			$output->writeln('Could not decrypt private key, maybe you entered the wrong password?');
-		}
-
-
-		return false;
-	}
-
-	/**
-	 * get the private key which will be used to decrypt all files
-	 *
-	 * @param string $user
-	 * @param string $password
-	 * @return bool|string
-	 * @throws \OCA\Encryption\Exceptions\PrivateKeyMissingException
-	 */
-	protected function getPrivateKey($user, $password) {
-		$recoveryKeyId = $this->keyManager->getRecoveryKeyId();
-		$masterKeyId = $this->keyManager->getMasterKeyId();
-		if ($user === $recoveryKeyId) {
-			$recoveryKey = $this->keyManager->getSystemPrivateKey($recoveryKeyId);
-			$privateKey = $this->crypt->decryptPrivateKey($recoveryKey, $password);
-		} elseif ($user === $masterKeyId) {
-			$masterKey = $this->keyManager->getSystemPrivateKey($masterKeyId);
-			$privateKey = $this->crypt->decryptPrivateKey($masterKey, $password, $masterKeyId);
-		} else {
-			$userKey = $this->keyManager->getPrivateKey($user);
-			$privateKey = $this->crypt->decryptPrivateKey($userKey, $password, $user);
-		}
-
-		return $privateKey;
-	}
-
-	protected function updateSession($user, $privateKey) {
-		$this->session->prepareDecryptAll($user, $privateKey);
-	}
+    /** @var Util  */
+    protected $util;
+
+    /** @var QuestionHelper  */
+    protected $questionHelper;
+
+    /** @var  Crypt */
+    protected $crypt;
+
+    /** @var  KeyManager */
+    protected $keyManager;
+
+    /** @var Session  */
+    protected $session;
+
+    /**
+     * @param Util $util
+     * @param KeyManager $keyManager
+     * @param Crypt $crypt
+     * @param Session $session
+     * @param QuestionHelper $questionHelper
+     */
+    public function __construct(
+        Util $util,
+        KeyManager $keyManager,
+        Crypt $crypt,
+        Session $session,
+        QuestionHelper $questionHelper
+    ) {
+        $this->util = $util;
+        $this->keyManager = $keyManager;
+        $this->crypt = $crypt;
+        $this->session = $session;
+        $this->questionHelper = $questionHelper;
+    }
+
+    /**
+     * prepare encryption module to decrypt all files
+     *
+     * @param InputInterface $input
+     * @param OutputInterface $output
+     * @param $user
+     * @return bool
+     */
+    public function prepare(InputInterface $input, OutputInterface $output, $user) {
+        $question = new Question('Please enter the recovery key password: ');
+
+        if ($this->util->isMasterKeyEnabled()) {
+            $output->writeln('Use master key to decrypt all files');
+            $user = $this->keyManager->getMasterKeyId();
+            $password = $this->keyManager->getMasterKeyPassword();
+        } else {
+            $recoveryKeyId = $this->keyManager->getRecoveryKeyId();
+            if (!empty($user)) {
+                $output->writeln('You can only decrypt the users files if you know');
+                $output->writeln('the users password or if he activated the recovery key.');
+                $output->writeln('');
+                $questionUseLoginPassword = new ConfirmationQuestion(
+                    'Do you want to use the users login password to decrypt all files? (y/n) ',
+                    false
+                );
+                $useLoginPassword = $this->questionHelper->ask($input, $output, $questionUseLoginPassword);
+                if ($useLoginPassword) {
+                    $question = new Question('Please enter the user\'s login password: ');
+                } elseif ($this->util->isRecoveryEnabledForUser($user) === false) {
+                    $output->writeln('No recovery key available for user ' . $user);
+                    return false;
+                } else {
+                    $user = $recoveryKeyId;
+                }
+            } else {
+                $output->writeln('You can only decrypt the files of all users if the');
+                $output->writeln('recovery key is enabled by the admin and activated by the users.');
+                $output->writeln('');
+                $user = $recoveryKeyId;
+            }
+
+            $question->setHidden(true);
+            $question->setHiddenFallback(false);
+            $password = $this->questionHelper->ask($input, $output, $question);
+        }
+
+        $privateKey = $this->getPrivateKey($user, $password);
+        if ($privateKey !== false) {
+            $this->updateSession($user, $privateKey);
+            return true;
+        } else {
+            $output->writeln('Could not decrypt private key, maybe you entered the wrong password?');
+        }
+
+
+        return false;
+    }
+
+    /**
+     * get the private key which will be used to decrypt all files
+     *
+     * @param string $user
+     * @param string $password
+     * @return bool|string
+     * @throws \OCA\Encryption\Exceptions\PrivateKeyMissingException
+     */
+    protected function getPrivateKey($user, $password) {
+        $recoveryKeyId = $this->keyManager->getRecoveryKeyId();
+        $masterKeyId = $this->keyManager->getMasterKeyId();
+        if ($user === $recoveryKeyId) {
+            $recoveryKey = $this->keyManager->getSystemPrivateKey($recoveryKeyId);
+            $privateKey = $this->crypt->decryptPrivateKey($recoveryKey, $password);
+        } elseif ($user === $masterKeyId) {
+            $masterKey = $this->keyManager->getSystemPrivateKey($masterKeyId);
+            $privateKey = $this->crypt->decryptPrivateKey($masterKey, $password, $masterKeyId);
+        } else {
+            $userKey = $this->keyManager->getPrivateKey($user);
+            $privateKey = $this->crypt->decryptPrivateKey($userKey, $password, $user);
+        }
+
+        return $privateKey;
+    }
+
+    protected function updateSession($user, $privateKey) {
+        $this->session->prepareDecryptAll($user, $privateKey);
+    }
 }

Spacing +1 added lines, -1 removed lines

@@ -99,7 +99,7 @@
 				if ($useLoginPassword) {
 					$question = new Question('Please enter the user\'s login password: ');
 				} elseif ($this->util->isRecoveryEnabledForUser($user) === false) {
-					$output->writeln('No recovery key available for user ' . $user);
+					$output->writeln('No recovery key available for user '.$user);
 					return false;
 				} else {
 					$user = $recoveryKeyId;

apps/encryption/lib/Exceptions/PrivateKeyMissingException.php

Indentation +9 added lines, -9 removed lines

@@ -28,13 +28,13 @@
 
 class PrivateKeyMissingException extends GenericEncryptionException {
 
-	/**
-	 * @param string $userId
-	 */
-	public function __construct($userId) {
-		if (empty($userId)) {
-			$userId = "<no-user-id-given>";
-		}
-		parent::__construct("Private Key missing for user: $userId");
-	}
+    /**
+     * @param string $userId
+     */
+    public function __construct($userId) {
+        if (empty($userId)) {
+            $userId = "<no-user-id-given>";
+        }
+        parent::__construct("Private Key missing for user: $userId");
+    }
 }

apps/encryption/lib/Exceptions/PublicKeyMissingException.php

Indentation +9 added lines, -9 removed lines

@@ -25,13 +25,13 @@
 
 class PublicKeyMissingException extends GenericEncryptionException {
 
-	/**
-	 * @param string $userId
-	 */
-	public function __construct($userId) {
-		if (empty($userId)) {
-			$userId = "<no-user-id-given>";
-		}
-		parent::__construct("Public Key missing for user: $userId");
-	}
+    /**
+     * @param string $userId
+     */
+    public function __construct($userId) {
+        if (empty($userId)) {
+            $userId = "<no-user-id-given>";
+        }
+        parent::__construct("Public Key missing for user: $userId");
+    }
 }

apps/encryption/lib/Settings/Personal.php

Indentation +52 added lines, -52 removed lines

@@ -32,63 +32,63 @@
 
 class Personal implements ISettings {
 
-	/** @var IConfig */
-	private $config;
-	/** @var Session */
-	private $session;
-	/** @var Util */
-	private $util;
-	/** @var IUserSession */
-	private $userSession;
+    /** @var IConfig */
+    private $config;
+    /** @var Session */
+    private $session;
+    /** @var Util */
+    private $util;
+    /** @var IUserSession */
+    private $userSession;
 
-	public function __construct(IConfig $config, Session $session, Util $util, IUserSession $userSession) {
-		$this->config = $config;
-		$this->session = $session;
-		$this->util = $util;
-		$this->userSession = $userSession;
-	}
+    public function __construct(IConfig $config, Session $session, Util $util, IUserSession $userSession) {
+        $this->config = $config;
+        $this->session = $session;
+        $this->util = $util;
+        $this->userSession = $userSession;
+    }
 
-	/**
-	 * @return TemplateResponse returns the instance with all parameters set, ready to be rendered
-	 * @since 9.1
-	 */
-	public function getForm() {
-		$recoveryAdminEnabled = $this->config->getAppValue('encryption', 'recoveryAdminEnabled');
-		$privateKeySet = $this->session->isPrivateKeySet();
+    /**
+     * @return TemplateResponse returns the instance with all parameters set, ready to be rendered
+     * @since 9.1
+     */
+    public function getForm() {
+        $recoveryAdminEnabled = $this->config->getAppValue('encryption', 'recoveryAdminEnabled');
+        $privateKeySet = $this->session->isPrivateKeySet();
 
-		if (!$recoveryAdminEnabled && $privateKeySet) {
-			return new TemplateResponse('settings', 'settings/empty', [], '');
-		}
+        if (!$recoveryAdminEnabled && $privateKeySet) {
+            return new TemplateResponse('settings', 'settings/empty', [], '');
+        }
 
-		$userId = $this->userSession->getUser()->getUID();
-		$recoveryEnabledForUser = $this->util->isRecoveryEnabledForUser($userId);
+        $userId = $this->userSession->getUser()->getUID();
+        $recoveryEnabledForUser = $this->util->isRecoveryEnabledForUser($userId);
 
-		$parameters = [
-			'recoveryEnabled' => $recoveryAdminEnabled,
-			'recoveryEnabledForUser' => $recoveryEnabledForUser,
-			'privateKeySet' => $privateKeySet,
-			'initialized' => $this->session->getStatus(),
-		];
-		return new TemplateResponse('encryption', 'settings-personal', $parameters, '');
-	}
+        $parameters = [
+            'recoveryEnabled' => $recoveryAdminEnabled,
+            'recoveryEnabledForUser' => $recoveryEnabledForUser,
+            'privateKeySet' => $privateKeySet,
+            'initialized' => $this->session->getStatus(),
+        ];
+        return new TemplateResponse('encryption', 'settings-personal', $parameters, '');
+    }
 
-	/**
-	 * @return string the section ID, e.g. 'sharing'
-	 * @since 9.1
-	 */
-	public function getSection() {
-		return 'security';
-	}
+    /**
+     * @return string the section ID, e.g. 'sharing'
+     * @since 9.1
+     */
+    public function getSection() {
+        return 'security';
+    }
 
-	/**
-	 * @return int whether the form should be rather on the top or bottom of
-	 * the admin section. The forms are arranged in ascending order of the
-	 * priority values. It is required to return a value between 0 and 100.
-	 *
-	 * E.g.: 70
-	 * @since 9.1
-	 */
-	public function getPriority() {
-		return 80;
-	}
+    /**
+     * @return int whether the form should be rather on the top or bottom of
+     * the admin section. The forms are arranged in ascending order of the
+     * priority values. It is required to return a value between 0 and 100.
+     *
+     * E.g.: 70
+     * @since 9.1
+     */
+    public function getPriority() {
+        return 80;
+    }
 }