nextcloud/apps/files_encryption/ajax/adminrecovery.php

setValue( $app, $key, $value )

<?php
/**
 * Copyright (c) 2013, Sam Tuke <samtuke@owncloud.com>
 * This file is licensed under the Affero General Public License version 3 or later.
 * See the COPYING-README file.
 *
 * @brief Script to handle admin settings for encrypted key recovery
 */

use OCA\Encryption;

\OCP\JSON::checkAdminUser();
\OCP\JSON::checkAppEnabled( 'files_encryption' );
\OCP\JSON::callCheck();

$return = $doSetup = false;

// Enable recoveryAdmin
if ( 
	isset( $_POST['adminEnableRecovery'] ) 
	&& 1 == $_POST['adminEnableRecovery'] 
// 	&& isset( $_POST['recoveryPassword'] ) 
// 	&& ! empty ( $_POST['recoveryPassword'] )
) {

	// TODO: Let the admin set this themselves
	$recoveryAdminUid = 'recoveryAdmin';
	
	// If desired recoveryAdmin UID is already in use
	if ( ! \OC_User::userExists( $recoveryAdminUid ) ) {
		
		// Create new recoveryAdmin user
		\OC_User::createUser( $recoveryAdminUid, $_POST['recoveryPassword'] );
		
		// Make recovery user an administrator
		\OC_Group::addToGroup ( $recoveryAdminUid, 'admin' );
		
		$doSetup = true;
		
	} else {
	
		// Get list of admin users
		$admins = OC_Group::usersInGroup( 'admin' );
		
		// If the existing recoveryAdmin UID is an admin
		if ( in_array( $recoveryAdminUid, $admins ) ) {
			
			// The desired recoveryAdmi UID pre-exists and can be used
			$doSetup = true;
		
		// If the recoveryAdmin UID exists but doesn't have admin rights
		} else {
		
			$return = false;
			
		}
		
	}
	
	// Setup recoveryAdmin user for encryption
	if ( $doSetup ) {
		
		$view = new \OC_FilesystemView( '/' );
		$util = new \OCA\Encryption\Util( $view, $recoveryAdminUid );
		
		// Ensure recoveryAdmin is ready for encryption (has usable keypair etc.)
		$util->setupServerSide( $_POST['recoveryPassword'] );
		
		// Store the UID in the DB
		OC_Appconfig::setValue( 'files_encryption', 'recoveryAdminUid', $recoveryAdminUid );
		
		$return = true;
		
	}
	
	// Set recoveryAdmin as enabled
	OC_Appconfig::setValue( 'files_encryption', 'recoveryAdminEnabled', 1 );

// Disable recoveryAdmin
} elseif ( 
	isset( $_POST['adminEnableRecovery'] ) 
	&& 0 == $_POST['adminEnableRecovery'] 
) {
		
		// Set recoveryAdmin as enabled
		OC_Appconfig::setValue( 'files_encryption', 'recoveryAdminEnabled', 0 );
		
		$return = true;

}

($return) ? OC_JSON::success() : OC_JSON::error();
Added ajax scripts for setting pwd recovery preferences 2013-03-28 21:29:18 +04:00			`setValue( $app, $key, $value )`

			`<?php`
			`/**`
			`* Copyright (c) 2013, Sam Tuke <samtuke@owncloud.com>`
			`* This file is licensed under the Affero General Public License version 3 or later.`
			`* See the COPYING-README file.`
			`*`
			`* @brief Script to handle admin settings for encrypted key recovery`
			`*/`

			`use OCA\Encryption;`

			`\OCP\JSON::checkAdminUser();`
			`\OCP\JSON::checkAppEnabled( 'files_encryption' );`
			`\OCP\JSON::callCheck();`

Fixed proxy class handing of read / write files Various work on other classes 2013-04-10 19:37:03 +04:00			`$return = $doSetup = false;`

Fixed recoveryadmin settings in user and admin settings pages (js, templates, ajax) Renamed recovery methods in Util{} for clarity Added note about bug causing slow page load and redundant keypair generation recoveryAdmin functionality not yet complete 2013-05-01 21:18:31 +04:00			`// Enable recoveryAdmin`
Added ajax scripts for setting pwd recovery preferences 2013-03-28 21:29:18 +04:00			`if (`
			`isset( $_POST['adminEnableRecovery'] )`
Fixed recoveryadmin settings in user and admin settings pages (js, templates, ajax) Renamed recovery methods in Util{} for clarity Added note about bug causing slow page load and redundant keypair generation recoveryAdmin functionality not yet complete 2013-05-01 21:18:31 +04:00			`&& 1 == $_POST['adminEnableRecovery']`
			`// && isset( $_POST['recoveryPassword'] )`
			`// && ! empty ( $_POST['recoveryPassword'] )`
Added ajax scripts for setting pwd recovery preferences 2013-03-28 21:29:18 +04:00			`) {`

			`// TODO: Let the admin set this themselves`
			`$recoveryAdminUid = 'recoveryAdmin';`

			`// If desired recoveryAdmin UID is already in use`
			`if ( ! \OC_User::userExists( $recoveryAdminUid ) ) {`
Fixed recoveryadmin settings in user and admin settings pages (js, templates, ajax) Renamed recovery methods in Util{} for clarity Added note about bug causing slow page load and redundant keypair generation recoveryAdmin functionality not yet complete 2013-05-01 21:18:31 +04:00
Added ajax scripts for setting pwd recovery preferences 2013-03-28 21:29:18 +04:00			`// Create new recoveryAdmin user`
			`\OC_User::createUser( $recoveryAdminUid, $_POST['recoveryPassword'] );`

Added support for user-specified password for adminRecovery account in admin settings page Made encryptAll() (file migration for unencrypted + legacy encrypted files) run only on first login for each user (status stored in DB) Made recoveryAdmin user member of 'admin' user group automatically Set recoveryadmin settings to only display on user settings if enabled by an admin Updated encryption db xml schema 2013-05-04 18:14:38 +04:00			`// Make recovery user an administrator`
			`\OC_Group::addToGroup ( $recoveryAdminUid, 'admin' );`

Added ajax scripts for setting pwd recovery preferences 2013-03-28 21:29:18 +04:00			`$doSetup = true;`

			`} else {`

			`// Get list of admin users`
			`$admins = OC_Group::usersInGroup( 'admin' );`

			`// If the existing recoveryAdmin UID is an admin`
			`if ( in_array( $recoveryAdminUid, $admins ) ) {`

			`// The desired recoveryAdmi UID pre-exists and can be used`
			`$doSetup = true;`

			`// If the recoveryAdmin UID exists but doesn't have admin rights`
			`} else {`

Fixed proxy class handing of read / write files Various work on other classes 2013-04-10 19:37:03 +04:00			`$return = false;`
Added ajax scripts for setting pwd recovery preferences 2013-03-28 21:29:18 +04:00
			`}`

			`}`

Fixed recoveryadmin settings in user and admin settings pages (js, templates, ajax) Renamed recovery methods in Util{} for clarity Added note about bug causing slow page load and redundant keypair generation recoveryAdmin functionality not yet complete 2013-05-01 21:18:31 +04:00			`// Setup recoveryAdmin user for encryption`
Added ajax scripts for setting pwd recovery preferences 2013-03-28 21:29:18 +04:00			`if ( $doSetup ) {`

			`$view = new \OC_FilesystemView( '/' );`
Fixed recoveryadmin settings in user and admin settings pages (js, templates, ajax) Renamed recovery methods in Util{} for clarity Added note about bug causing slow page load and redundant keypair generation recoveryAdmin functionality not yet complete 2013-05-01 21:18:31 +04:00			`$util = new \OCA\Encryption\Util( $view, $recoveryAdminUid );`
Added ajax scripts for setting pwd recovery preferences 2013-03-28 21:29:18 +04:00
			`// Ensure recoveryAdmin is ready for encryption (has usable keypair etc.)`
			`$util->setupServerSide( $_POST['recoveryPassword'] );`

			`// Store the UID in the DB`
Fixed proxy class handing of read / write files Various work on other classes 2013-04-10 19:37:03 +04:00			`OC_Appconfig::setValue( 'files_encryption', 'recoveryAdminUid', $recoveryAdminUid );`
Added ajax scripts for setting pwd recovery preferences 2013-03-28 21:29:18 +04:00
Fixed proxy class handing of read / write files Various work on other classes 2013-04-10 19:37:03 +04:00			`$return = true;`
Added ajax scripts for setting pwd recovery preferences 2013-03-28 21:29:18 +04:00
			`}`

Fixed recoveryadmin settings in user and admin settings pages (js, templates, ajax) Renamed recovery methods in Util{} for clarity Added note about bug causing slow page load and redundant keypair generation recoveryAdmin functionality not yet complete 2013-05-01 21:18:31 +04:00			`// Set recoveryAdmin as enabled`
			`OC_Appconfig::setValue( 'files_encryption', 'recoveryAdminEnabled', 1 );`

			`// Disable recoveryAdmin`
			`} elseif (`
			`isset( $_POST['adminEnableRecovery'] )`
			`&& 0 == $_POST['adminEnableRecovery']`
			`) {`

			`// Set recoveryAdmin as enabled`
			`OC_Appconfig::setValue( 'files_encryption', 'recoveryAdminEnabled', 0 );`

			`$return = true;`

Fixed proxy class handing of read / write files Various work on other classes 2013-04-10 19:37:03 +04:00			`}`

			`($return) ? OC_JSON::success() : OC_JSON::error();`