mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add prefix to user and system keys to avoid name collisions 

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
This commit is contained in:
Bjoern Schiessle 2017-07-27 16:52:28 +02:00 committed by Morris Jobke
parent 5f49398e13
commit 3e6833f5a6
No known key found for this signature in database
GPG Key ID: FE03C3A163FEDE68
4 changed files with 122 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/private/Repair.php
View File

@ -31,6 +31,7 @@
namespace OC; namespace OC;
use OC\App\AppStore\Bundles\BundleFetcher; use OC\App\AppStore\Bundles\BundleFetcher;
use OC\Files\AppData\Factory;
use OC\Repair\CleanTags; use OC\Repair\CleanTags;
use OC\Repair\Collation; use OC\Repair\Collation;
use OC\Repair\MoveUpdaterStepFile; use OC\Repair\MoveUpdaterStepFile;
@ -39,6 +40,7 @@ use OC\Repair\NC11\FixMountStorages;
use OC\Repair\NC11\MoveAvatars; use OC\Repair\NC11\MoveAvatars;
use OC\Repair\NC12\InstallCoreBundle; use OC\Repair\NC12\InstallCoreBundle;
use OC\Repair\NC12\UpdateLanguageCodes; use OC\Repair\NC12\UpdateLanguageCodes;
use OC\Repair\NC13\RepairIdentityProofKeyFolders;
use OC\Repair\OldGroupMembershipShares; use OC\Repair\OldGroupMembershipShares;
use OC\Repair\Owncloud\DropAccountTermsTable; use OC\Repair\Owncloud\DropAccountTermsTable;
use OC\Repair\Owncloud\SaveAccountsTableData; use OC\Repair\Owncloud\SaveAccountsTableData;
@ -146,7 +148,8 @@ class Repair implements IOutput{
\OC::$server->getConfig(), \OC::$server->getConfig(),
\OC::$server->query(Installer::class) \OC::$server->query(Installer::class)
), ),
new RepairInvalidPaths(\OC::$server->getDatabaseConnection(), \OC::$server->getConfig()) new RepairInvalidPaths(\OC::$server->getDatabaseConnection(), \OC::$server->getConfig()),
new RepairIdentityProofKeyFolders(\OC::$server->getConfig(), \OC::$server->query(Factory::class), \OC::$server->getRootFolder()),
]; ];
} }

110
lib/private/Repair/NC13/RepairIdentityProofKeyFolders.php Normal file
View File

@ -0,0 +1,110 @@
<?php
/**
* @copyright Copyright (c) 2017 Bjoern Schiessle <bjoern@schiessle.org>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OC\Repair\NC13;
use OC\Files\AppData\Factory;
use OCP\Files\IRootFolder;
use OCP\Files\SimpleFS\ISimpleFolder;
use OCP\IConfig;
use OCP\Migration\IOutput;
use OCP\Migration\IRepairStep;
class RepairIdentityProofKeyFolders implements IRepairStep {
/** @var IConfig */
private $config;
/** @var \OC\Files\AppData\AppData */
private $appDataIdentityProof;
/** @var IRootFolder */
private $rootFolder;
/** @var string */
private $identityProofDir;
/**
* RepairIdentityProofKeyFolders constructor.
*
* @param IConfig $config
* @param Factory $appDataFactory
* @param IRootFolder $rootFolder
*/
public function __construct(IConfig $config, Factory $appDataFactory, IRootFolder $rootFolder) {
$this->config = $config;
$this->appDataIdentityProof = $appDataFactory->get('identityproof');
$this->rootFolder = $rootFolder;
$instanceId = $this->config->getSystemValue('instanceid', null);
if ($instanceId === null) {
throw new \RuntimeException('no instance id!');
}
$this->identityProofDir = 'appdata_' . $instanceId . '/identityproof/';
}
/**
* Returns the step's name
*
* @return string
* @since 9.1.0
*/
public function getName() {
return "Rename folder with user specific keys";
}
/**
* Run repair step.
* Must throw exception on error.
*
* @param IOutput $output
* @throws \Exception in case of failure
* @since 9.1.0
*/
public function run(IOutput $output) {
$versionFromBeforeUpdate = $this->config->getSystemValue('version', '0.0.0');
if (version_compare($versionFromBeforeUpdate, '13.0.0.1', '<=')) {
$count = $this->repair();
$output->info('Repaired ' . $count . ' folders');
}
}
/**
* rename all dirs with user specific keys to 'user-uid'
*
* @return int
*/
private function repair() {
$count = 0;
$dirListing = $this->appDataIdentityProof->getDirectoryListing();
/** @var ISimpleFolder $folder */
foreach ($dirListing as $folder) {
$name = $folder->getName();
$node = $this->rootFolder->get($this->identityProofDir . $name);
$node->move($this->identityProofDir . 'user-' . $name);
$count++;
}
return $count;
}
}

5
lib/private/Security/IdentityProof/Manager.php
View File

@ -121,7 +121,8 @@ class Manager {
* @return Key * @return Key
*/ */
public function getKey(IUser $user) { public function getKey(IUser $user) {
return $this->retrieveKey($user->getUID()); $uid = $user->getUID();
return $this->retrieveKey('user-' . $uid);
} }
/** /**
@ -135,7 +136,7 @@ class Manager {
if ($instanceId === null) { if ($instanceId === null) {
throw new \RuntimeException('no instance id!'); throw new \RuntimeException('no instance id!');
} }
return $this->retrieveKey($instanceId); return $this->retrieveKey('system-' . $instanceId);
} }

10
tests/lib/Security/IdentityProof/ManagerTest.php
View File

@ -119,7 +119,7 @@ class ManagerTest extends TestCase {
$this->appData $this->appData
->expects($this->once()) ->expects($this->once())
->method('getFolder') ->method('getFolder')
->with('MyUid') ->with('user-MyUid')
->willReturn($folder); ->willReturn($folder);
$expected = new Key('MyPublicKey', 'MyPrivateKey'); $expected = new Key('MyPublicKey', 'MyPrivateKey');
@ -135,7 +135,7 @@ class ManagerTest extends TestCase {
$this->appData $this->appData
->expects($this->at(0)) ->expects($this->at(0))
->method('getFolder') ->method('getFolder')
->with('MyUid') ->with('user-MyUid')
->willThrowException(new \Exception()); ->willThrowException(new \Exception());
$this->manager $this->manager
->expects($this->once()) ->expects($this->once())
@ -144,7 +144,7 @@ class ManagerTest extends TestCase {
$this->appData $this->appData
->expects($this->at(1)) ->expects($this->at(1))
->method('newFolder') ->method('newFolder')
->with('MyUid'); ->with('user-MyUid');
$folder = $this->createMock(ISimpleFolder::class); $folder = $this->createMock(ISimpleFolder::class);
$this->crypto $this->crypto
->expects($this->once()) ->expects($this->once())
@ -174,7 +174,7 @@ class ManagerTest extends TestCase {
$this->appData $this->appData
->expects($this->at(2)) ->expects($this->at(2))
->method('getFolder') ->method('getFolder')
->with('MyUid') ->with('user-MyUid')
->willReturn($folder); ->willReturn($folder);
@ -203,7 +203,7 @@ class ManagerTest extends TestCase {
$this->config->expects($this->once())->method('getSystemValue') $this->config->expects($this->once())->method('getSystemValue')
->with('instanceid', null)->willReturn('instanceId'); ->with('instanceid', null)->willReturn('instanceId');
$manager->expects($this->once())->method('retrieveKey')->with('instanceId') $manager->expects($this->once())->method('retrieveKey')->with('system-instanceId')
->willReturn($key); ->willReturn($key);
$this->assertSame($key, $manager->getSystemKey()); $this->assertSame($key, $manager->getSystemKey());