Merge pull request #3512 from owncloud/file_encryption_session_fix

fix for losing private key while being logged in and accessing a public link

apps/files_encryption/lib/helper.php

@@ -173,4 +173,20 @@ class Helper
 
 		return $return;
 	}
+
+
+	/**
+	 * @brief checks if access is public/anonymous user
+	 * @return bool
+	 */
+	public static function isPublicAccess() {
+		if (\OCP\USER::getUser() === false
+			|| (isset($_GET['service']) && $_GET['service'] == 'files'
+				&& isset($_GET['t']))
+		) {
+			return true;
+		} else {
+			return false;
+		}
+	}
 }

apps/files_encryption/lib/session.php

@@ -83,17 +83,14 @@ class Session
 
 		}
 
-		if ( \OCP\USER::getUser() === false ||
+		if (\OCA\Encryption\Helper::isPublicAccess()) {
-			( isset( $_GET['service'] ) && $_GET['service'] == 'files' &&
-				isset( $_GET['t'] ) )
-		) {
 			// Disable encryption proxy to prevent recursive calls
 			$proxyStatus = \OC_FileProxy::$enabled;
 			\OC_FileProxy::$enabled = false;
 
 			$encryptedKey = $this->view->file_get_contents( '/owncloud_private_key/' . $publicShareKeyId . '.private.key' );
 			$privateKey = Crypt::symmetricDecryptFileContent( $encryptedKey, '' );
-			$this->setPrivateKey( $privateKey );
+			$this->setPublicSharePrivateKey( $privateKey );
 
 			\OC_FileProxy::$enabled = $proxyStatus;
 		}
@@ -103,6 +100,8 @@ class Session
 	 * @brief Sets user private key to session
 	 * @param string $privateKey
 	 * @return bool
+	 *
+	 * @note this should only be set on login
 	 */
 	public function setPrivateKey( $privateKey ) {
 
@@ -113,27 +112,53 @@ class Session
 	}
 
 	/**
-	 * @brief Gets user private key from session
+	 * @brief Gets user or public share private key from session
 	 * @returns string $privateKey The user's plaintext private key
 	 *
 	 */
 	public function getPrivateKey() {
 
-		if (
+		// return the public share private key if this is a public access
-			isset( $_SESSION['privateKey'] )
+		if (\OCA\Encryption\Helper::isPublicAccess()) {
-			&& !empty( $_SESSION['privateKey'] )
+			return $this->getPublicSharePrivateKey();
-		) {
-
-			return $_SESSION['privateKey'];
-
 		} else {
+			if (isset($_SESSION['privateKey']) && !empty($_SESSION['privateKey'])) {
+				return $_SESSION['privateKey'];
+			} else {
+				return false;
+			}
+		}
+	}
 
+	/**
+	 * @brief Sets public user private key to session
+	 * @param string $privateKey
+	 * @return bool
+	 */
+	public function setPublicSharePrivateKey($privateKey) {
+
+		$_SESSION['publicSharePrivateKey'] = $privateKey;
+
+		return true;
+
+	}
+
+	/**
+	 * @brief Gets public share private key from session
+	 * @returns string $privateKey
+	 *
+	 */
+	public function getPublicSharePrivateKey() {
+
+		if (isset($_SESSION['publicSharePrivateKey']) && !empty($_SESSION['publicSharePrivateKey'])) {
+			return $_SESSION['publicSharePrivateKey'];
+		} else {
 			return false;
-
 		}
 
 	}
 
+
 	/**
 	 * @brief Sets user legacy key to session
 	 * @param $legacyKey

apps/files_encryption/lib/util.php

@@ -127,13 +127,11 @@ class Util {
 		$this->recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId');
 
 		// if we are anonymous/public
-		if ($this->userId === false
+		if (\OCA\Encryption\Helper::isPublicAccess()) {
-			|| (isset($_GET['service']) && $_GET['service'] == 'files' && isset($_GET['t']))
-		) {
 			$this->userId = $this->publicShareKeyId;
 
 			// only handle for files_sharing app
-			if ($GLOBALS['app'] === 'files_sharing') {
+			if (isset($GLOBALS['app']) && $GLOBALS['app'] === 'files_sharing') {
 				$this->userDir = '/' . $GLOBALS['fileOwner'];
 				$this->fileFolderName = 'files';
 				$this->userFilesDir = '/' . $GLOBALS['fileOwner'] . '/'