only create new key on password change if a recovery key exists or if the user don't have any private/public keys
This commit is contained in:
parent
8082ef2073
commit
58c0117c3d
|
@ -179,9 +179,9 @@ class Hooks {
|
||||||
// the necessary keys)
|
// the necessary keys)
|
||||||
if (Crypt::mode() === 'server') {
|
if (Crypt::mode() === 'server') {
|
||||||
|
|
||||||
if ($params['uid'] === \OCP\User::getUser()) {
|
$view = new \OC_FilesystemView('/');
|
||||||
|
|
||||||
$view = new \OC_FilesystemView('/');
|
if ($params['uid'] === \OCP\User::getUser()) {
|
||||||
|
|
||||||
$session = new \OCA\Encryption\Session($view);
|
$session = new \OCA\Encryption\Session($view);
|
||||||
|
|
||||||
|
@ -202,36 +202,41 @@ class Hooks {
|
||||||
} else { // admin changed the password for a different user, create new keys and reencrypt file keys
|
} else { // admin changed the password for a different user, create new keys and reencrypt file keys
|
||||||
|
|
||||||
$user = $params['uid'];
|
$user = $params['uid'];
|
||||||
$recoveryPassword = $params['recoveryPassword'];
|
$util = new Util($view, $user);
|
||||||
$newUserPassword = $params['password'];
|
$recoveryPassword = isset($params['recoveryPassword']) ? $params['recoveryPassword'] : null;
|
||||||
|
|
||||||
$view = new \OC_FilesystemView('/');
|
if (($util->recoveryEnabledForUser() && $recoveryPassword)
|
||||||
|
|| !$util->userKeysExists()) {
|
||||||
|
|
||||||
// make sure that the users home is mounted
|
$recoveryPassword = $params['recoveryPassword'];
|
||||||
\OC\Files\Filesystem::initMountPoints($user);
|
$newUserPassword = $params['password'];
|
||||||
|
|
||||||
$keypair = Crypt::createKeypair();
|
// make sure that the users home is mounted
|
||||||
|
\OC\Files\Filesystem::initMountPoints($user);
|
||||||
|
|
||||||
// Disable encryption proxy to prevent recursive calls
|
$keypair = Crypt::createKeypair();
|
||||||
$proxyStatus = \OC_FileProxy::$enabled;
|
|
||||||
\OC_FileProxy::$enabled = false;
|
|
||||||
|
|
||||||
// Save public key
|
// Disable encryption proxy to prevent recursive calls
|
||||||
$view->file_put_contents('/public-keys/' . $user . '.public.key', $keypair['publicKey']);
|
$proxyStatus = \OC_FileProxy::$enabled;
|
||||||
|
\OC_FileProxy::$enabled = false;
|
||||||
|
|
||||||
// Encrypt private key empty passphrase
|
// Save public key
|
||||||
$encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], $newUserPassword);
|
$view->file_put_contents('/public-keys/' . $user . '.public.key', $keypair['publicKey']);
|
||||||
|
|
||||||
// Save private key
|
// Encrypt private key empty passphrase
|
||||||
$view->file_put_contents(
|
$encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], $newUserPassword);
|
||||||
'/' . $user . '/files_encryption/' . $user . '.private.key', $encryptedPrivateKey);
|
|
||||||
|
|
||||||
if ($recoveryPassword) { // if recovery key is set we can re-encrypt the key files
|
// Save private key
|
||||||
$util = new Util($view, $user);
|
$view->file_put_contents(
|
||||||
$util->recoverUsersFiles($recoveryPassword);
|
'/' . $user . '/files_encryption/' . $user . '.private.key', $encryptedPrivateKey);
|
||||||
|
|
||||||
|
if ($recoveryPassword) { // if recovery key is set we can re-encrypt the key files
|
||||||
|
$util = new Util($view, $user);
|
||||||
|
$util->recoverUsersFiles($recoveryPassword);
|
||||||
|
}
|
||||||
|
|
||||||
|
\OC_FileProxy::$enabled = $proxyStatus;
|
||||||
}
|
}
|
||||||
|
|
||||||
\OC_FileProxy::$enabled = $proxyStatus;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
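Review bot: Inside the new `if` block the line `$recoveryPassword = $params['recoveryPassword'];` re-reads the parameter without the `isset()` guard added a few lines earlier, so in the `!$util->userKeysExists()` case where the admin passed no recovery password it raises an undefined-index notice; the line should simply be deleted because `$recoveryPassword` is already set. The second `$util = new Util($view, $user);` inside `if ($recoveryPassword)` is likewise redundant now that `$util` is created at the top of the branch. A more serious ordering concern is that the user's existing private key is overwritten by `file_put_contents()` before `recoverUsersFiles($recoveryPassword)` has had a chance to check that the recovery password is correct, so a mistyped admin recovery password would presumably leave the user's files undecryptable — I cannot see `recoverUsersFiles()` here, but validating the recovery password before writing the new keypair would close that window. The comment `// Encrypt private key empty passphrase` is stale and should read `// Encrypt private key with the user's new password`. The enclosing method starts before this hunk.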