no warning on password change if no encryption module uses per-user keys
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
This commit is contained in:
parent
d668e17769
commit
1a55ace97c
|
@ -42,6 +42,8 @@ use OCP\AppFramework\Http\DataResponse;
|
|||
use OCP\AppFramework\Utility\ITimeFactory;
|
||||
use OCP\BackgroundJob\IJobList;
|
||||
use OCP\Files\Config\IUserMountCache;
|
||||
use OCP\Encryption\IEncryptionModule;
|
||||
use OCP\Encryption\IManager;
|
||||
use OCP\IConfig;
|
||||
use OCP\IGroupManager;
|
||||
use OCP\IL10N;
|
||||
|
@ -99,9 +101,14 @@ class UsersController extends Controller {
|
|||
private $keyManager;
|
||||
/** @var IJobList */
|
||||
private $jobList;
|
||||
|
||||
/** @var IUserMountCache */
|
||||
private $userMountCache;
|
||||
|
||||
/** @var IManager */
|
||||
private $encryptionManager;
|
||||
|
||||
|
||||
/**
|
||||
* @param string $appName
|
||||
* @param IRequest $request
|
||||
|
@ -124,6 +131,7 @@ class UsersController extends Controller {
|
|||
* @param Manager $keyManager
|
||||
* @param IJobList $jobList
|
||||
* @param IUserMountCache $userMountCache
|
||||
* @param IManager $encryptionManager
|
||||
*/
|
||||
public function __construct($appName,
|
||||
IRequest $request,
|
||||
|
@ -145,7 +153,8 @@ class UsersController extends Controller {
|
|||
ICrypto $crypto,
|
||||
Manager $keyManager,
|
||||
IJobList $jobList,
|
||||
IUserMountCache $userMountCache) {
|
||||
IUserMountCache $userMountCache,
|
||||
IManager $encryptionManager) {
|
||||
parent::__construct($appName, $request);
|
||||
$this->userManager = $userManager;
|
||||
$this->groupManager = $groupManager;
|
||||
|
@ -165,6 +174,7 @@ class UsersController extends Controller {
|
|||
$this->keyManager = $keyManager;
|
||||
$this->jobList = $jobList;
|
||||
$this->userMountCache = $userMountCache;
|
||||
$this->encryptionManager = $encryptionManager;
|
||||
|
||||
// check for encryption state - TODO see formatUserForIndex
|
||||
$this->isEncryptionAppEnabled = $appManager->isEnabledForUser('encryption');
|
||||
|
@ -200,6 +210,17 @@ class UsersController extends Controller {
|
|||
// user also has recovery mode enabled
|
||||
$restorePossible = true;
|
||||
}
|
||||
} else {
|
||||
$modules = $this->encryptionManager->getEncryptionModules();
|
||||
$restorePossible = true;
|
||||
foreach ($modules as $id => $module) {
|
||||
/* @var IEncryptionModule $instance */
|
||||
$instance = call_user_func($module['callback']);
|
||||
if ($instance->needDetailedAccessList()) {
|
||||
$restorePossible = false;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
// recovery is possible if encryption is disabled (plain files are
|
||||
|
|
|
@ -20,6 +20,8 @@ use OCP\AppFramework\Http\DataResponse;
|
|||
use OCP\AppFramework\Utility\ITimeFactory;
|
||||
use OCP\BackgroundJob\IJobList;
|
||||
use OCP\Files\Config\IUserMountCache;
|
||||
use OCP\Encryption\IEncryptionModule;
|
||||
use OCP\Encryption\IManager;
|
||||
use OCP\IAvatar;
|
||||
use OCP\IAvatarManager;
|
||||
use OCP\IConfig;
|
||||
|
@ -82,6 +84,10 @@ class UsersControllerTest extends \Test\TestCase {
|
|||
private $securityManager;
|
||||
/** @var IUserMountCache |\PHPUnit_Framework_MockObject_MockObject */
|
||||
private $userMountCache;
|
||||
/** @var IManager | \PHPUnit_Framework_MockObject_MockObject */
|
||||
private $encryptionManager;
|
||||
/** @var IEncryptionModule | \PHPUnit_Framework_MockObject_MockObject */
|
||||
private $encryptionModule;
|
||||
|
||||
protected function setUp() {
|
||||
parent::setUp();
|
||||
|
@ -104,6 +110,7 @@ class UsersControllerTest extends \Test\TestCase {
|
|||
$this->crypto = $this->createMock(ICrypto::class);
|
||||
$this->securityManager = $this->getMockBuilder(\OC\Security\IdentityProof\Manager::class)->disableOriginalConstructor()->getMock();
|
||||
$this->jobList = $this->createMock(IJobList::class);
|
||||
$this->encryptionManager = $this->createMock(IManager::class);
|
||||
$this->l = $this->createMock(IL10N::class);
|
||||
$this->l->method('t')
|
||||
->will($this->returnCallback(function ($text, $parameters = []) {
|
||||
|
@ -111,6 +118,10 @@ class UsersControllerTest extends \Test\TestCase {
|
|||
}));
|
||||
$this->userMountCache = $this->createMock(IUserMountCache::class);
|
||||
|
||||
$this->encryptionModule = $this->createMock(IEncryptionModule::class);
|
||||
$this->encryptionManager->expects($this->any())->method('getEncryptionModules')
|
||||
->willReturn(['encryptionModule' => ['callback' => function() { return $this->encryptionModule;}]]);
|
||||
|
||||
/*
|
||||
* Set default avatar behaviour for whole test suite
|
||||
*/
|
||||
|
@ -154,8 +165,8 @@ class UsersControllerTest extends \Test\TestCase {
|
|||
$this->crypto,
|
||||
$this->securityManager,
|
||||
$this->jobList,
|
||||
$this->userMountCache
|
||||
|
||||
$this->userMountCache,
|
||||
$this->encryptionManager
|
||||
);
|
||||
} else {
|
||||
return $this->getMockBuilder(UsersController::class)
|
||||
|
@ -182,6 +193,7 @@ class UsersControllerTest extends \Test\TestCase {
|
|||
$this->securityManager,
|
||||
$this->jobList,
|
||||
$this->userMountCache,
|
||||
$this->encryptionManager
|
||||
]
|
||||
)->setMethods($mockedMethods)->getMock();
|
||||
}
|
||||
|
@ -1689,9 +1701,17 @@ class UsersControllerTest extends \Test\TestCase {
|
|||
$this->assertEquals($expectedResult, $result);
|
||||
}
|
||||
|
||||
public function testRestoreNotPossibleWithoutAdminRestore() {
|
||||
/**
|
||||
* @dataProvider dataTestRestoreNotPossibleWithoutAdminRestore
|
||||
*
|
||||
* @param bool $masterKeyEnabled
|
||||
*/
|
||||
public function testRestoreNotPossibleWithoutAdminRestore($masterKeyEnabled) {
|
||||
list($user, $expectedResult) = $this->mockUser();
|
||||
|
||||
// without the master key enabled we use per-user keys
|
||||
$this->encryptionModule->expects($this->once())->method('needDetailedAccessList')->willReturn(!$masterKeyEnabled);
|
||||
|
||||
$this->appManager
|
||||
->method('isEnabledForUser')
|
||||
->with(
|
||||
|
@ -1699,7 +1719,8 @@ class UsersControllerTest extends \Test\TestCase {
|
|||
)
|
||||
->will($this->returnValue(true));
|
||||
|
||||
$expectedResult['isRestoreDisabled'] = true;
|
||||
// without the master key enabled we use per-user keys -> restore is disabled
|
||||
$expectedResult['isRestoreDisabled'] = !$masterKeyEnabled;
|
||||
|
||||
$subadmin = $this->getMockBuilder('\OC\SubAdmin')
|
||||
->disableOriginalConstructor()
|
||||
|
@ -1718,6 +1739,13 @@ class UsersControllerTest extends \Test\TestCase {
|
|||
$this->assertEquals($expectedResult, $result);
|
||||
}
|
||||
|
||||
public function dataTestRestoreNotPossibleWithoutAdminRestore() {
|
||||
return [
|
||||
[true],
|
||||
[false]
|
||||
];
|
||||
}
|
||||
|
||||
public function testRestoreNotPossibleWithoutUserRestore() {
|
||||
list($user, $expectedResult) = $this->mockUser();
|
||||
|
||||
|
|
Loading…
Reference in New Issue