Development snapshot;
Fixed errors from Hooks::login(); Work on enable/disable recoveryAdmin for lost passwords in settings page (template, ajax, js); Work on fixing sharing files to users (still broken);
This commit is contained in:
Sam Tuke
parent
3cbfacb439
commit
14451bdaf0
|
|
@ -35,6 +35,18 @@ that file must have their sharekeys changed also. The keyfile and catfile
|
|||
however need only changing in the owners files, as there is only one copy of
|
||||
these.
|
||||
|
||||
Publicly shared files (public links)
|
||||
------------------------------------
|
||||
|
||||
Files shared via public links use a separate system user account called 'ownCloud'. All public files are shared to that user's public key, and the private key is used to access the files when the public link is used in browser.
|
||||
|
||||
This means that files shared via public links are accessible only to users who know the shared URL, or to admins who know the 'ownCloud' user password.
|
||||
|
||||
Lost password recovery
|
||||
----------------------
|
||||
|
||||
In order to enable users to read their encrypted files in the event of a password loss/reset scenario, administrators can choose to enable a 'recoveryAdmin' account. This is a user that all user files will automatically be shared to of the option is enabled. This allows the recoveryAdmin user to generate new keyfiles for the user. By default the UID of the recoveryAdmin is 'recoveryAdmin'.
|
||||
|
||||
Notes
|
||||
-----
|
||||
|
||||
|
|
|
|||
|
|
@ -40,7 +40,7 @@ class Hooks {
|
|||
|
||||
// Manually initialise Filesystem{} singleton with correct
|
||||
// fake root path, in order to avoid fatal webdav errors
|
||||
\OC\Files\Filesystem::init( $params['uid'] . '/' . 'files' . '/' );
|
||||
\OC\Files\Filesystem::init( $params['uid'], '/' . 'files' . '/' );
|
||||
|
||||
$view = new \OC_FilesystemView( '/' );
|
||||
|
||||
|
|
@ -194,7 +194,8 @@ class Hooks {
|
|||
$util = new Util( $view, $userId );
|
||||
$path = $util->fileIdToPath( $params['itemSource'] );
|
||||
|
||||
$usersSharing = \OCP\Share::getUsersSharingFile( $path, true );
|
||||
// Note: this currently doesn't include the owner due to \OC\Files\Filesystem::getOwner()
|
||||
$usersSharing = $util->getUsersSharingFile( $path );
|
||||
|
||||
// Recursively expand path to include subfiles
|
||||
$allPaths = $util->getPaths( $path );
|
||||
|
|
|
|||
|
|
@ -6,12 +6,26 @@
|
|||
|
||||
|
||||
$(document).ready(function(){
|
||||
// Trigger ajax on filetype blacklist change
|
||||
$('#encryption_blacklist').multiSelect({
|
||||
oncheck:blackListChange,
|
||||
onuncheck:blackListChange,
|
||||
createText:'...'
|
||||
});
|
||||
|
||||
// Trigger ajax on recoveryAdmin status change
|
||||
$( 'input:radio[name="adminEnableRecovery"]' ).change(
|
||||
function() {
|
||||
$.post(
|
||||
'../ajax/adminrecovery.php'
|
||||
, $( this ).val()
|
||||
, function( data ) {
|
||||
// TODO: provide user with feedback of outcome
|
||||
}
|
||||
);
|
||||
}
|
||||
);
|
||||
|
||||
function blackListChange(){
|
||||
var blackList=$('#encryption_blacklist').val().join(',');
|
||||
OC.AppConfig.setValue('files_encryption','type_blacklist',blackList);
|
||||
|
|
|
|||
|
|
@ -391,8 +391,10 @@ class Keymanager {
|
|||
$result = true;
|
||||
}
|
||||
|
||||
if ( !result ) {
|
||||
if ( ! $result ) {
|
||||
|
||||
\OC_Log::write( 'Encryption library', 'Could not delete shareKey; does not exist: "' . $shareKeyPath, \OC_Log::ERROR );
|
||||
|
||||
}
|
||||
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
|
|
|||
|
|
@ -140,7 +140,7 @@ class Proxy extends \OC_FileProxy {
|
|||
if ( \OCP\Share::isEnabled() ) {
|
||||
|
||||
// Find out who, if anyone, is sharing the file
|
||||
$shareUids = \OCP\Share::getUsersSharingFile( $filePath, true );
|
||||
$shareUids = \OCP\Share::getUsersSharingFile( $filePath, true, true, true );
|
||||
|
||||
$userIds = array_merge( $userIds, $shareUids );
|
||||
|
||||
|
|
|
|||
|
|
@ -127,7 +127,7 @@ class Stream {
|
|||
|
||||
if ( ! is_resource( $this->handle ) ) {
|
||||
|
||||
\OCP\Util::writeLog( 'files_encryption', 'failed to open file "'.$this->rootView . '"', \OCP\Util::ERROR );
|
||||
\OCP\Util::writeLog( 'files_encryption', 'failed to open file "' . $this->relPath . '"', \OCP\Util::ERROR );
|
||||
|
||||
} else {
|
||||
|
||||
|
|
|
|||
|
|
@ -638,7 +638,7 @@ class Util {
|
|||
/**
|
||||
* @brief Filter an array of UIDs to return only ones ready for sharing
|
||||
* @param array $unfilteredUsers users to be checked for sharing readiness
|
||||
* @return array $userIds filtered users
|
||||
* @return multi-dimensional array. keys: ready, unready
|
||||
*/
|
||||
public function filterShareReadyUsers( $unfilteredUsers ) {
|
||||
|
||||
|
|
@ -649,6 +649,8 @@ class Util {
|
|||
foreach ( $unfilteredUsers as $user ) {
|
||||
|
||||
$util = new Util( $this->view, $user );
|
||||
|
||||
$readyIds = $unreadyIds = array();
|
||||
|
||||
// Check that the user is encryption capable, or is the
|
||||
// public system user 'ownCloud' (for public shares)
|
||||
|
|
@ -657,22 +659,26 @@ class Util {
|
|||
or $user == 'ownCloud'
|
||||
) {
|
||||
|
||||
// Construct array of just UIDs for Keymanager{}
|
||||
$userIds[] = $user;
|
||||
// Construct array of ready UIDs for Keymanager{}
|
||||
$readyIds[] = $user;
|
||||
|
||||
} else {
|
||||
|
||||
|
||||
// Construct array of unready UIDs for Keymanager{}
|
||||
$unreadyIds[] = $user;
|
||||
|
||||
// Log warning; we can't do necessary setup here
|
||||
// because we don't have the user passphrase
|
||||
// TODO: Provide user feedback indicating that
|
||||
// sharing failed
|
||||
\OC_Log::write( 'Encryption library', '"'.$user.'" is not setup for encryption', \OC_Log::WARN );
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
return $userIds;
|
||||
return array (
|
||||
'ready' => $userIds
|
||||
, 'unready' => $unreadyIds
|
||||
);
|
||||
|
||||
}
|
||||
|
||||
|
|
@ -778,8 +784,18 @@ class Util {
|
|||
// Make sure users are capable of sharing
|
||||
$filteredUids = $this->filterShareReadyUsers( $users );
|
||||
|
||||
// trigger_error( print_r($filteredUids, 1) );
|
||||
|
||||
if ( ! empty( $filteredUids['unready'] ) ) {
|
||||
|
||||
// Notify user of unready userDir
|
||||
// TODO: Move this out of here; it belongs somewhere else
|
||||
\OCP\JSON::error();
|
||||
|
||||
}
|
||||
|
||||
// Get public keys for each user, ready for generating sharekeys
|
||||
$userPubKeys = Keymanager::getPublicKeys( $this->view, $filteredUids ); // TODO: check this includes the owner's public key
|
||||
$userPubKeys = Keymanager::getPublicKeys( $this->view, $filteredUids['ready'] ); // TODO: check this includes the owner's public key
|
||||
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
||||
|
|
@ -814,8 +830,30 @@ class Util {
|
|||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Returns the users who are sharing a file, including the file owner
|
||||
* @param $path Relative path of the file, like files/file.txt
|
||||
* @return $users array of UIDs
|
||||
* @note This wraps the OCP\Share method, but includes the owner even if
|
||||
* the file isn't registered in sharing API
|
||||
*/
|
||||
public function getUsersSharingFile( $path ) {
|
||||
|
||||
$users = \OCP\Share::getUsersSharingFile( $path, true, true );
|
||||
|
||||
// FIXME: this is returning empty :/
|
||||
$owner = \OC\Files\Filesystem::getOwner( $path );
|
||||
|
||||
// trigger_error( var_export( $owner, 1));
|
||||
|
||||
$users[] = $owner;
|
||||
|
||||
return array_unique( $users );
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
/**
|
||||
* @brief get uid of the owners of the file and the path to the file
|
||||
* @param $filename
|
||||
* @return array
|
||||
|
|
|
|||
|
|
@ -12,8 +12,14 @@ $tmpl = new OCP\Template( 'files_encryption', 'settings' );
|
|||
|
||||
$blackList = explode( ',', \OCP\Config::getAppValue( 'files_encryption', 'type_blacklist', '' ) );
|
||||
|
||||
// Check if an adminRecovery account is enabled for recovering files after lost pwd
|
||||
$view = new OC_FilesystemView( '' );
|
||||
$util = new \OCA\Encryption\Util( $view, \OCP\USER::getUser() );
|
||||
$recoveryEnabled = $util->recoveryEnabled();
|
||||
|
||||
$tmpl->assign( 'blacklist', $blackList );
|
||||
$tmpl->assign( 'encryption_mode', \OC_Appconfig::getValue( 'files_encryption', 'mode', 'none' ) );
|
||||
$tmpl->assign( 'recoveryEnabled', $recoveryEnabled );
|
||||
|
||||
\OCP\Util::addscript( 'files_encryption', 'settings' );
|
||||
\OCP\Util::addscript( 'core', 'multiselect' );
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@
|
|||
|
||||
<p>
|
||||
<strong><?php p($l->t( 'Encryption' )); ?></strong>
|
||||
<br />
|
||||
|
||||
<?php p($l->t( "Exclude the following file types from encryption:" )); ?>
|
||||
<br />
|
||||
|
|
@ -16,5 +17,23 @@
|
|||
<?php endforeach;?>
|
||||
</select>
|
||||
</p>
|
||||
<p>
|
||||
<?php p($l->t( "Enable encryption passwords recovery account (allow sharing to recovery account):" )); ?>
|
||||
<br />
|
||||
<input
|
||||
type='radio'
|
||||
name='adminEnableRecovery'
|
||||
value='1'
|
||||
<?php echo ( $_["recoveryEnabled"] == 1 ? 'checked="checked"' : '' ); ?> />
|
||||
<?php p($l->t( "Enabled" )); ?>
|
||||
<br />
|
||||
|
||||
<input
|
||||
type='radio'
|
||||
name='adminEnableRecovery'
|
||||
value='0'
|
||||
<?php echo ( $_["recoveryEnabled"] == 0 ? 'checked="checked"' : '' ); ?> />
|
||||
<?php p($l->t( "Disabled" )); ?>
|
||||
</p>
|
||||
</fieldset>
|
||||
</form>
|
||||
|
|
|
|||
Loading…
Reference in New Issue