diff --git a/apps/files_encryption/ajax/adminrecovery.php b/apps/files_encryption/ajax/adminrecovery.php new file mode 100644 index 0000000000..f22114f851 --- /dev/null +++ b/apps/files_encryption/ajax/adminrecovery.php @@ -0,0 +1,72 @@ +setValue( $app, $key, $value ) + + + * This file is licensed under the Affero General Public License version 3 or later. + * See the COPYING-README file. + * + * @brief Script to handle admin settings for encrypted key recovery + */ + +use OCA\Encryption; + +\OCP\JSON::checkAdminUser(); +\OCP\JSON::checkAppEnabled( 'files_encryption' ); +\OCP\JSON::callCheck(); + +if ( + isset( $_POST['adminEnableRecovery'] ) + && $_POST['adminEnableRecovery'] == 1 + && isset( $_POST['recoveryPassword'] ) + && ! empty ( $_POST['recoveryPassword'] ) +) { + + // TODO: Let the admin set this themselves + $recoveryAdminUid = 'recoveryAdmin'; + + // If desired recoveryAdmin UID is already in use + if ( ! \OC_User::userExists( $recoveryAdminUid ) ) { + + // Create new recoveryAdmin user + \OC_User::createUser( $recoveryAdminUid, $_POST['recoveryPassword'] ); + + $doSetup = true; + + } else { + + // Get list of admin users + $admins = OC_Group::usersInGroup( 'admin' ); + + // If the existing recoveryAdmin UID is an admin + if ( in_array( $recoveryAdminUid, $admins ) ) { + + // The desired recoveryAdmi UID pre-exists and can be used + $doSetup = true; + + // If the recoveryAdmin UID exists but doesn't have admin rights + } else { + + \OCP\JSON::error(); + + } + + } + + // If recoveryAdmin has passed other checks + if ( $doSetup ) { + + $view = new \OC_FilesystemView( '/' ); + $util = new Util( $view, $recoveryAdminUid ); + + // Ensure recoveryAdmin is ready for encryption (has usable keypair etc.) + $util->setupServerSide( $_POST['recoveryPassword'] ); + + // Store the UID in the DB + OC_Appconfig::setValue( 'encryption', 'recoveryAdminUid', $recoveryAdminUid ); + + \OCP\JSON::success(); + + } + +} \ No newline at end of file diff --git a/apps/files_encryption/ajax/userrecovery.php b/apps/files_encryption/ajax/userrecovery.php new file mode 100644 index 0000000000..56c18f7ad5 --- /dev/null +++ b/apps/files_encryption/ajax/userrecovery.php @@ -0,0 +1,42 @@ +setValue( $app, $key, $value ) + + + * This file is licensed under the Affero General Public License version 3 or later. + * See the COPYING-README file. + * + * @brief Script to handle admin settings for encrypted key recovery + */ + +use OCA\Encryption; + +\OCP\JSON::checkLoggedIn(); +\OCP\JSON::checkAppEnabled( 'files_encryption' ); +\OCP\JSON::callCheck(); + +if ( + isset( $_POST['userEnableRecovery'] ) +) { + + // Ensure preference is an integer + $recoveryEnabled = intval( $_POST['userEnableRecovery'] ); + + $userId = \OCP\USER::getUser(); + $view = new \OC_FilesystemView( '/' ); + $util = new Util( $view, $userId ); + + // Save recovery preference to DB + $result = $util->setRecovery( $recoveryEnabled ); + + if ( $result ) { + + \OCP\JSON::success(); + + } else { + + \OCP\JSON::error(); + + } + +} \ No newline at end of file