<?php
/**
* @author Clark Tomlinson <clark@owncloud.com>
* @since 2/19/15, 10:02 AM
* @copyright Copyright (c) 2015, ownCloud, Inc.
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OCA\Encryption\Hooks;
use OCP\Util as OCUtil;
use OCA\Encryption\Hooks\Contracts\IHook;
use OCA\Encryption\KeyManager;
use OCA\Encryption\Users\Setup;
use OCP\App;
use OCP\ILogger;
use OCP\IUserSession;
use OCA\Encryption\Util;
use Test\User;
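/**
 * Binds the encryption app to the user life-cycle hooks (login, logout,
 * password change, user creation and deletion).
 *
 * Several handlers receive the user's cleartext password in $params['password'].
 * Never write $params to a log or an exception message from this class.
 */
class UserHooks implements IHook {
	/**
	 * @var KeyManager
	 */
	private $keyManager;

	/**
	 * @var ILogger
	 */
	private $logger;

	/**
	 * @var Setup
	 */
	private $userSetup;

	/**
	 * Session wrapper used to look up the currently logged-in user.
	 *
	 * @var IUserSession
	 */
	private $user;

	/**
	 * @var Util
	 */
	private $util;

	/**
	 * UserHooks constructor.
	 *
	 * @param KeyManager $keyManager
	 * @param ILogger $logger
	 * @param Setup $userSetup
	 * @param IUserSession $user
	 * @param OCUtil $ocUtil accepted for interface compatibility but not stored;
	 *                       addHooks() calls OCUtil::connectHook() statically
	 * @param Util $util
	 */
	public function __construct(
		KeyManager $keyManager, ILogger $logger, Setup $userSetup, IUserSession $user, OCUtil $ocUtil, Util $util) {

		$this->keyManager = $keyManager;
		$this->logger = $logger;
		$this->userSetup = $userSetup;
		$this->user = $user;
		$this->util = $util;
	}

	/**
	 * Connects Hooks
	 *
	 * NOTE(review): 'post_setPassword' is bound to a method named
	 * 'setPassphrase', but no such method is defined in this class as shown,
	 * and postPasswordReset() is defined below without being registered here.
	 * Confirm both against the rest of the app; a handler that is never
	 * invoked leaves the key passphrase out of step with the login password.
	 *
	 * @return null
	 */
	public function addHooks() {
		OCUtil::connectHook('OC_User', 'post_login', $this, 'login');
		OCUtil::connectHook('OC_User', 'logout', $this, 'logout');
		OCUtil::connectHook('OC_User',
			'post_setPassword',
			$this,
			'setPassphrase');
		OCUtil::connectHook('OC_User',
			'pre_setPassword',
			$this,
			'preSetPassphrase');
		OCUtil::connectHook('OC_User',
			'post_createUser',
			$this,
			'postCreateUser');
		OCUtil::connectHook('OC_User',
			'post_deleteUser',
			$this,
			'postDeleteUser');
	}


	/**
	 * Startup encryption backend upon user login
	 *
	 * @note This method should never be called for users using client side encryption
	 * @param array $params reads 'uid' and 'password' (cleartext)
	 * @return bool true when encryption is disabled or the key manager was
	 *              initialised; false when setupUser() reports the user is
	 *              not ready, which forces a relogin
	 */
	public function login($params) {

		if (!App::isEnabled('encryption')) {
			return true;
		}

		// ensure filesystem is loaded
		// Todo: update?
		if (!\OC\Files\Filesystem::$loaded) {
			\OC_Util::setupFS($params['uid']);
		}

		// setup user, if user not ready force relogin
		if (!$this->userSetup->setupUser($params['uid'], $params['password'])) {
			return false;
		}

		$this->keyManager->init($params['uid'], $params['password']);

		// The success path previously fell off the end and yielded null,
		// contradicting the documented bool return.
		return true;
	}

	/**
	 * remove keys from session during logout
	 *
	 * NOTE(review): the cache is reached through a static property of
	 * KeyManager; confirm that clear() drops every copy of the user's key
	 * material and that the cache is not shared across users.
	 */
	public function logout() {
		KeyManager::$cacheFactory->clear();
	}

	/**
	 * setup encryption backend upon user created
	 *
	 * @note This method should never be called for users using client side encryption
	 * @param array $params reads 'uid' and 'password' (cleartext)
	 */
	public function postCreateUser($params) {

		if (App::isEnabled('encryption')) {
			$this->userSetup->setupUser($params['uid'], $params['password']);
		}
	}

	/**
	 * cleanup encryption backend upon user deleted
	 *
	 * Only the public key is deleted here.
	 *
	 * @param array $params : uid, password (only 'uid' is read)
	 * @note This method should never be called for users using client side encryption
	 */
	public function postDeleteUser($params) {

		if (App::isEnabled('encryption')) {
			$this->keyManager->deletePublicKey($params['uid']);
		}
	}

	/**
	 * If the password can't be changed within ownCloud, then update the key password in advance.
	 *
	 * @param array $params : uid, password
	 * @return bool always true; the return value carries no failure signal
	 */
	public function preSetPassphrase($params) {
		if (!App::isEnabled('encryption')) {
			return true;
		}

		// getUser() yields null when no user is bound to the session; calling
		// canChangePassword() on it would abort the password change with a
		// fatal error.
		$currentUser = $this->user->getUser();
		if ($currentUser === null) {
			// Deliberately logs no part of $params: it holds the new password.
			$this->logger->warning(
				'pre_setPassword hook fired without a session user; key passphrase was not updated in advance',
				array('app' => 'encryption')
			);
			return true;
		}

		// The original re-tested App::isEnabled() here; that branch could
		// never run inside the enabled check and has been dropped.
		if (!$currentUser->canChangePassword()) {
			$this->keyManager->setPassphrase($params,
				$this->user,
				$this->util);
		}

		return true;
	}


	/**
	 * after password reset we create a new key pair for the user
	 *
	 * NOTE(review): unlike the other handlers this one does not test
	 * App::isEnabled('encryption'); confirm whether that is intended.
	 *
	 * @param array $params reads 'uid' and 'password' (cleartext)
	 */
	public function postPasswordReset($params) {
		$password = $params['password'];

		$this->keyManager->replaceUserKeys($params['uid']);
		$this->userSetup->setupServerSide($params['uid'], $password);
	}
}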