From a969c23e59e26f2d82a1f8626444a59ae003c30e Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Thu, 9 Aug 2012 14:25:09 +0200
Subject: [PATCH] disable admin choice of encryption mode once a decision was
 taken

---
 apps/files_encryption/js/settings-personal.js |  2 +-
 apps/files_encryption/js/settings.js          | 19 +++++++++++++++----
 apps/files_encryption/lib/keymanager.php      |  7 +++++++
 apps/files_encryption/templates/settings.php  | 12 +++++++-----
 4 files changed, 30 insertions(+), 10 deletions(-)

diff --git a/apps/files_encryption/js/settings-personal.js b/apps/files_encryption/js/settings-personal.js
index f335cf7f88..d70f9318e5 100644
--- a/apps/files_encryption/js/settings-personal.js
+++ b/apps/files_encryption/js/settings-personal.js
@@ -22,7 +22,7 @@ $(document).ready(function(){
 		   		$.post(OC.filePath('files_encryption', 'ajax', 'mode.php'), { mode: 'server', newpasswd: data[0].value, oldpasswd: data[1].value }, function(result) {
 		   			if (result.status != 'success') {
 		   				document.getElementById(prevmode+'_encryption').checked = true;
-		   				OC.dialogs.alert(t('encryption', 'Please check your passwords and try again'), t('encryption', 'Could not change encryption password to login password'))
+		   				OC.dialogs.alert(t('encryption', 'Please check your passwords and try again'), t('encryption', 'Could not change your file encryption password to your login password'))
 		   			}
 		   		});
 		    });
diff --git a/apps/files_encryption/js/settings.js b/apps/files_encryption/js/settings.js
index 19ff27a3b2..60563bde85 100644
--- a/apps/files_encryption/js/settings.js
+++ b/apps/files_encryption/js/settings.js
@@ -23,13 +23,24 @@ $(document).ready(function(){
 			 ,server=$('input[value="server"]:checked').val()
 			 ,user=$('input[value="user"]:checked').val()
 			 ,none=$('input[value="none"]:checked').val()
-		if (client)
+			 ,disable=false
+		if (client) {
 			OC.AppConfig.setValue('files_encryption','mode','client');
-		else if (server)
+			disable = true;
+		} else if (server) {
 			OC.AppConfig.setValue('files_encryption','mode','server');
-		else if (user)
+			disable = true;
+		} else if (user) {
 			OC.AppConfig.setValue('files_encryption','mode','user');
-		else
+			disable = true;
+		} else {
 			OC.AppConfig.setValue('files_encryption','mode','none');
+		}
+		if (disable) {
+			document.getElementById('server_encryption').disabled = true;
+			document.getElementById('client_encryption').disabled = true;
+			document.getElementById('user_encryption').disabled = true;
+			document.getElementById('none_encryption').disabled = true;
+		}
 	})
 })
\ No newline at end of file
diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php
index 4c30c16395..62c5082a2f 100644
--- a/apps/files_encryption/lib/keymanager.php
+++ b/apps/files_encryption/lib/keymanager.php
@@ -199,6 +199,13 @@ class Keymanager {
 		return $result;
 	}
 	
+	/**
+	 * @brief change password of private encryption key
+	 *
+	 * @param string $oldpasswd old password
+	 * @param string $newpasswd new password
+	 * @return bool true/false
+	 */
 	public static function changePasswd($oldpasswd, $newpasswd) {
 		if ( \OCP\User::checkPassword(\OCP\User::getUser(), $newpasswd) ) {
 			return Crypt::changekeypasscode($oldpasswd, $newpasswd);
diff --git a/apps/files_encryption/templates/settings.php b/apps/files_encryption/templates/settings.php
index 4133f4573d..e2a9bcc3be 100644
--- a/apps/files_encryption/templates/settings.php
+++ b/apps/files_encryption/templates/settings.php
@@ -2,12 +2,14 @@
 	<fieldset class="personalblock">
 		
 	<strong>Choose encryption mode:</strong>
-		
+	
+	<p><i>Important: Once you selected an encryption mode there is no way to change it back</i></p>
+	
 	<p>
-	<input type="radio" name="encryption_mode" value="client" style="width:20px;" <?php if ($_['encryption_mode'] == 'client') echo "checked='checked'"; if ($_['encryption_mode'] != 'none') echo "DISABLED"?>/> Client side encryption (most secure but makes it impossible to access your data from the web interface)<br />
-	<input type="radio" name="encryption_mode" value="server" style="width:20px;" <?php if ($_['encryption_mode'] == 'server') echo "checked='checked'"; if ($_['encryption_mode'] != 'none') echo "DISABLED"?> /> Server side encryption (allows you to access your files from the web interface and the desktop client)<br />
-	<input type="radio" name="encryption_mode" value="user" style="width:20px;" <?php if ($_['encryption_mode'] == 'user') echo "checked='checked'"; if ($_['encryption_mode'] != 'none') echo "DISABLED"?>/> User specific (let the user decide)<br/>
-	<input type="radio" name="encryption_mode" value="none" style="width:20px;" <?php if ($_['encryption_mode'] == 'none') echo "checked='checked'"; if ($_['encryption_mode'] != 'none') echo "DISABLED"?>/> None (no encryption at all)<br/>
+	<input type="radio" name="encryption_mode" id="client_encryption" value="client" style="width:20px;" <?php if ($_['encryption_mode'] == 'client') echo "checked='checked'"; if ($_['encryption_mode'] != 'none') echo "DISABLED"?>/> Client side encryption (most secure but makes it impossible to access your data from the web interface)<br />
+	<input type="radio" name="encryption_mode" id="server_encryption" value="server" style="width:20px;" <?php if ($_['encryption_mode'] == 'server') echo "checked='checked'"; if ($_['encryption_mode'] != 'none') echo "DISABLED"?> /> Server side encryption (allows you to access your files from the web interface and the desktop client)<br />
+	<input type="radio" name="encryption_mode" id="user_encryption" value="user" style="width:20px;" <?php if ($_['encryption_mode'] == 'user') echo "checked='checked'"; if ($_['encryption_mode'] != 'none') echo "DISABLED"?>/> User specific (let the user decide)<br/>
+	<input type="radio" name="encryption_mode" id="none_encryption" value="none" style="width:20px;" <?php if ($_['encryption_mode'] == 'none') echo "checked='checked'"; if ($_['encryption_mode'] != 'none') echo "DISABLED"?>/> None (no encryption at all)<br/>
 	</p>	
 	<p>	
 	<strong><?php echo $l->t('Encryption'); ?></strong>