From f8a4bcdd50c14512ee0da86822e3fcadf391289b Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Thu, 5 Dec 2013 18:51:30 +0100 Subject: only create new key on password change if a recovery key exists or if the user don't have any private/public keys --- apps/files_encryption/hooks/hooks.php | 51 +++++++++++++++++++---------------- 1 file changed, 28 insertions(+), 23 deletions(-) (limited to 'apps/files_encryption/hooks') diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index f142f525cfa..7b13ae2a1d0 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -179,9 +179,9 @@ class Hooks { // the necessary keys) if (Crypt::mode() === 'server') { - if ($params['uid'] === \OCP\User::getUser()) { + $view = new \OC_FilesystemView('/'); - $view = new \OC_FilesystemView('/'); + if ($params['uid'] === \OCP\User::getUser()) { $session = new \OCA\Encryption\Session($view); @@ -202,36 +202,41 @@ class Hooks { } else { // admin changed the password for a different user, create new keys and reencrypt file keys $user = $params['uid']; - $recoveryPassword = $params['recoveryPassword']; - $newUserPassword = $params['password']; + $util = new Util($view, $user); + $recoveryPassword = isset($params['recoveryPassword']) ? $params['recoveryPassword'] : null; - $view = new \OC_FilesystemView('/'); + if (($util->recoveryEnabledForUser() && $recoveryPassword) + || !$util->userKeysExists()) { - // make sure that the users home is mounted - \OC\Files\Filesystem::initMountPoints($user); + $recoveryPassword = $params['recoveryPassword']; + $newUserPassword = $params['password']; - $keypair = Crypt::createKeypair(); + // make sure that the users home is mounted + \OC\Files\Filesystem::initMountPoints($user); - // Disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; + $keypair = Crypt::createKeypair(); - // Save public key - $view->file_put_contents('/public-keys/' . $user . '.public.key', $keypair['publicKey']); + // Disable encryption proxy to prevent recursive calls + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; - // Encrypt private key empty passphrase - $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], $newUserPassword); + // Save public key + $view->file_put_contents('/public-keys/' . $user . '.public.key', $keypair['publicKey']); - // Save private key - $view->file_put_contents( - '/' . $user . '/files_encryption/' . $user . '.private.key', $encryptedPrivateKey); + // Encrypt private key empty passphrase + $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], $newUserPassword); - if ($recoveryPassword) { // if recovery key is set we can re-encrypt the key files - $util = new Util($view, $user); - $util->recoverUsersFiles($recoveryPassword); - } + // Save private key + $view->file_put_contents( + '/' . $user . '/files_encryption/' . $user . '.private.key', $encryptedPrivateKey); + + if ($recoveryPassword) { // if recovery key is set we can re-encrypt the key files + $util = new Util($view, $user); + $util->recoverUsersFiles($recoveryPassword); + } - \OC_FileProxy::$enabled = $proxyStatus; + \OC_FileProxy::$enabled = $proxyStatus; + } } } } -- cgit v1.2.3