public upload now also works with encryption enabled
parent
318db64b2d
commit
b27fc42e1f
|
@ -108,7 +108,6 @@ if ($needUpgrade) {
|
||||||
// if the encryption app is disabled, than everything is fine (INIT_SUCCESSFUL status code)
|
// if the encryption app is disabled, than everything is fine (INIT_SUCCESSFUL status code)
|
||||||
$encryptionInitStatus = 2;
|
$encryptionInitStatus = 2;
|
||||||
if (OC_App::isEnabled('files_encryption')) {
|
if (OC_App::isEnabled('files_encryption')) {
|
||||||
$publicUploadEnabled = 'no';
|
|
||||||
$session = new \OCA\Encryption\Session(new \OC\Files\View('/'));
|
$session = new \OCA\Encryption\Session(new \OC\Files\View('/'));
|
||||||
$encryptionInitStatus = $session->getInitialized();
|
$encryptionInitStatus = $session->getInitialized();
|
||||||
}
|
}
|
||||||
|
|
|
@ -112,6 +112,7 @@ class Keymanager {
|
||||||
* @brief store file encryption key
|
* @brief store file encryption key
|
||||||
*
|
*
|
||||||
* @param \OC_FilesystemView $view
|
* @param \OC_FilesystemView $view
|
||||||
|
* @param \OCA\Encryption\Util $util
|
||||||
* @param string $path relative path of the file, including filename
|
* @param string $path relative path of the file, including filename
|
||||||
* @param $userId
|
* @param $userId
|
||||||
* @param $catfile
|
* @param $catfile
|
||||||
|
@ -120,13 +121,11 @@ class Keymanager {
|
||||||
* @note The keyfile is not encrypted here. Client code must
|
* @note The keyfile is not encrypted here. Client code must
|
||||||
* asymmetrically encrypt the keyfile before passing it to this method
|
* asymmetrically encrypt the keyfile before passing it to this method
|
||||||
*/
|
*/
|
||||||
public static function setFileKey(\OC_FilesystemView $view, $path, $userId, $catfile) {
|
public static function setFileKey(\OC_FilesystemView $view, $util, $path, $userId, $catfile) {
|
||||||
|
|
||||||
$proxyStatus = \OC_FileProxy::$enabled;
|
$proxyStatus = \OC_FileProxy::$enabled;
|
||||||
\OC_FileProxy::$enabled = false;
|
\OC_FileProxy::$enabled = false;
|
||||||
|
|
||||||
$userId = Helper::getUser($path);
|
|
||||||
$util = new Util($view, $userId);
|
|
||||||
list($owner, $filename) = $util->getUidAndFilename($path);
|
list($owner, $filename) = $util->getUidAndFilename($path);
|
||||||
|
|
||||||
// in case of system wide mount points the keys are stored directly in the data directory
|
// in case of system wide mount points the keys are stored directly in the data directory
|
||||||
|
@ -315,19 +314,16 @@ class Keymanager {
|
||||||
/**
|
/**
|
||||||
* @brief store multiple share keys for a single file
|
* @brief store multiple share keys for a single file
|
||||||
* @param \OC_FilesystemView $view
|
* @param \OC_FilesystemView $view
|
||||||
* @param $path
|
* @param \OCA\Encryption\Util $util
|
||||||
|
* @param string $path
|
||||||
* @param array $shareKeys
|
* @param array $shareKeys
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
public static function setShareKeys(\OC_FilesystemView $view, $path, array $shareKeys) {
|
public static function setShareKeys(\OC_FilesystemView $view, $util, $path, array $shareKeys) {
|
||||||
|
|
||||||
// $shareKeys must be an array with the following format:
|
// $shareKeys must be an array with the following format:
|
||||||
// [userId] => [encrypted key]
|
// [userId] => [encrypted key]
|
||||||
|
|
||||||
$userId = Helper::getUser($path);
|
|
||||||
|
|
||||||
$util = new Util($view, $userId);
|
|
||||||
|
|
||||||
list($owner, $filename) = $util->getUidAndFilename($path);
|
list($owner, $filename) = $util->getUidAndFilename($path);
|
||||||
|
|
||||||
// in case of system wide mount points the keys are stored directly in the data directory
|
// in case of system wide mount points the keys are stored directly in the data directory
|
||||||
|
|
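Review bot: The new `$util` parameter of `setFileKey()` and `setShareKeys()` is declared without a type, although the docblocks added in this section document it as `\OCA\Encryption\Util`. Because it is inserted in second position, a caller still using the old argument order would pass the path string as `$util` and fail only at `$util->getUidAndFilename($path)`; declaring it as `Util $util` in both signatures makes that mistake fail immediately at the call. The owner directory for the key files is now resolved through the caller-supplied object rather than a `Util` built from `Helper::getUser($path)`, so the docblock should also state that `$util` must be bound to the user that `$path` belongs to. Both method bodies continue outside the hunks shown.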
|
@ -47,8 +47,10 @@ class Proxy extends \OC_FileProxy {
|
||||||
*/
|
*/
|
||||||
private static function shouldEncrypt($path) {
|
private static function shouldEncrypt($path) {
|
||||||
|
|
||||||
|
$userId = Helper::getUser($path);
|
||||||
|
|
||||||
if (\OCP\App::isEnabled('files_encryption') === false || Crypt::mode() !== 'server' ||
|
if (\OCP\App::isEnabled('files_encryption') === false || Crypt::mode() !== 'server' ||
|
||||||
strpos($path, '/' . \OCP\User::getUser() . '/files') !== 0) {
|
strpos($path, '/' . $userId . '/files') !== 0) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -244,9 +246,6 @@ class Proxy extends \OC_FileProxy {
|
||||||
// split the path parts
|
// split the path parts
|
||||||
$pathParts = explode('/', $path);
|
$pathParts = explode('/', $path);
|
||||||
|
|
||||||
// get relative path
|
|
||||||
$relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path);
|
|
||||||
|
|
||||||
// FIXME: handling for /userId/cache used by webdav for chunking. The cache chunks are NOT encrypted
|
// FIXME: handling for /userId/cache used by webdav for chunking. The cache chunks are NOT encrypted
|
||||||
if (isset($pathParts[2]) && $pathParts[2] === 'cache') {
|
if (isset($pathParts[2]) && $pathParts[2] === 'cache') {
|
||||||
return $result;
|
return $result;
|
||||||
|
|
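Review bot: In `shouldEncrypt()` the user id checked against the path is now taken from the path itself via `Helper::getUser($path)` instead of the session, and its return value is used unchecked. `Helper::getUser()` is not visible in this section, so this needs confirming: if it can return `false` or an empty string when no user can be determined, the prefix becomes `//files` and the method falls through to `return false`, which presumably means the file is stored unencrypted without any trace. An explicit guard such as `if ($userId === false) { return false; }` with a log entry, plus a comment explaining why the path-derived owner is trusted for public uploads, would make that outcome deliberate. The prefix `'/' . $userId . '/files'` also has no trailing slash, so it matches sibling directories such as `files_encryption`; if that is intended it deserves a comment. The body of `shouldEncrypt()` continues outside the hunk.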
|
@ -90,11 +90,14 @@ class Stream {
|
||||||
$this->rootView = new \OC_FilesystemView('/');
|
$this->rootView = new \OC_FilesystemView('/');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// rawPath is relative to the data directory
|
||||||
|
$this->rawPath = \OC\Files\Filesystem::normalizePath(str_replace('crypt://', '', $path));
|
||||||
|
|
||||||
$this->session = new \OCA\Encryption\Session($this->rootView);
|
$this->session = new \OCA\Encryption\Session($this->rootView);
|
||||||
|
|
||||||
$this->privateKey = $this->session->getPrivateKey();
|
$this->privateKey = $this->session->getPrivateKey();
|
||||||
|
|
||||||
$userId = Helper::getUser($path);
|
$userId = Helper::getUser($this->rawPath);
|
||||||
|
|
||||||
$util = new Util($this->rootView, $userId);
|
$util = new Util($this->rootView, $userId);
|
||||||
|
|
||||||
|
@ -102,9 +105,6 @@ class Stream {
|
||||||
// public share key ID
|
// public share key ID
|
||||||
$this->userId = $util->getUserId();
|
$this->userId = $util->getUserId();
|
||||||
|
|
||||||
// rawPath is relative to the data directory
|
|
||||||
$this->rawPath = \OC\Files\Filesystem::normalizePath(str_replace('crypt://', '', $path));
|
|
||||||
|
|
||||||
// Strip identifier text from path, this gives us the path relative to data/<user>/files
|
// Strip identifier text from path, this gives us the path relative to data/<user>/files
|
||||||
$this->relPath = Helper::stripUserFilesPath($this->rawPath);
|
$this->relPath = Helper::stripUserFilesPath($this->rawPath);
|
||||||
// if raw path doesn't point to a real file, check if it is a version or a file in the trash bin
|
// if raw path doesn't point to a real file, check if it is a version or a file in the trash bin
|
||||||
|
@ -518,7 +518,7 @@ class Stream {
|
||||||
$util = new Util($this->rootView, $userId);
|
$util = new Util($this->rootView, $userId);
|
||||||
|
|
||||||
// Get all users sharing the file includes current user
|
// Get all users sharing the file includes current user
|
||||||
$uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $this->relPath, $this->userId);
|
$uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $this->relPath, $userId);
|
||||||
$checkedUserIds = $util->filterShareReadyUsers($uniqueUserIds);
|
$checkedUserIds = $util->filterShareReadyUsers($uniqueUserIds);
|
||||||
|
|
||||||
// Fetch public keys for all sharing users
|
// Fetch public keys for all sharing users
|
||||||
|
@ -528,10 +528,10 @@ class Stream {
|
||||||
$this->encKeyfiles = Crypt::multiKeyEncrypt($this->plainKey, $publicKeys);
|
$this->encKeyfiles = Crypt::multiKeyEncrypt($this->plainKey, $publicKeys);
|
||||||
|
|
||||||
// Save the new encrypted file key
|
// Save the new encrypted file key
|
||||||
Keymanager::setFileKey($this->rootView, $this->relPath, $this->userId, $this->encKeyfiles['data']);
|
Keymanager::setFileKey($this->rootView, $util, $this->relPath, $userId, $this->encKeyfiles['data']);
|
||||||
|
|
||||||
// Save the sharekeys
|
// Save the sharekeys
|
||||||
Keymanager::setShareKeys($this->rootView, $this->relPath, $this->encKeyfiles['keys']);
|
Keymanager::setShareKeys($this->rootView, $util, $this->relPath, $this->encKeyfiles['keys']);
|
||||||
|
|
||||||
// Re-enable proxy - our work is done
|
// Re-enable proxy - our work is done
|
||||||
\OC_FileProxy::$enabled = $proxyStatus;
|
\OC_FileProxy::$enabled = $proxyStatus;
|
||||||
|
|
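Review bot: The key-saving hunks now pass the local `$userId` to `getSharingUsersArray()` and `setFileKey()` where `$this->userId` was used before, while `$this->userId` is still assigned from `$util->getUserId()` further up, so the class carries two notions of "the user" that can differ. The assignment of `$userId` in that method lies outside the hunk, so it cannot be confirmed from here which identity it holds; if it is the owner derived from `rawPath`, that is the value deciding whose key directory is written and should be stated at the call. I would add a comment above the `setFileKey()` call along the lines of `// keys are stored for the owner derived from the path; on public upload there is no session user`, and document on the `userId` property what it represents after this change. The enclosing method starts and ends outside the hunks shown.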
|
@ -1097,8 +1097,8 @@ class Util {
|
||||||
// Save the recrypted key to it's owner's keyfiles directory
|
// Save the recrypted key to it's owner's keyfiles directory
|
||||||
// Save new sharekeys to all necessary user directory
|
// Save new sharekeys to all necessary user directory
|
||||||
if (
|
if (
|
||||||
!Keymanager::setFileKey($this->view, $filePath, $fileOwner, $multiEncKey['data'])
|
!Keymanager::setFileKey($this->view, $this, $filePath, $fileOwner, $multiEncKey['data'])
|
||||||
|| !Keymanager::setShareKeys($this->view, $filePath, $multiEncKey['keys'])
|
|| !Keymanager::setShareKeys($this->view, $this, $filePath, $multiEncKey['keys'])
|
||||||
) {
|
) {
|
||||||
|
|
||||||
\OCP\Util::writeLog('Encryption library',
|
\OCP\Util::writeLog('Encryption library',
|
||||||
|
|
|
@ -145,13 +145,15 @@ class Test_Encryption_Keymanager extends \PHPUnit_Framework_TestCase {
|
||||||
|
|
||||||
$file = 'unittest-' . time() . '.txt';
|
$file = 'unittest-' . time() . '.txt';
|
||||||
|
|
||||||
|
$util = new Encryption\Util($this->view, $this->userId);
|
||||||
|
|
||||||
// Disable encryption proxy to prevent recursive calls
|
// Disable encryption proxy to prevent recursive calls
|
||||||
$proxyStatus = \OC_FileProxy::$enabled;
|
$proxyStatus = \OC_FileProxy::$enabled;
|
||||||
\OC_FileProxy::$enabled = false;
|
\OC_FileProxy::$enabled = false;
|
||||||
|
|
||||||
$this->view->file_put_contents($this->userId . '/files/' . $file, $this->dataShort);
|
$this->view->file_put_contents($this->userId . '/files/' . $file, $this->dataShort);
|
||||||
|
|
||||||
Encryption\Keymanager::setFileKey($this->view, $file, $this->userId, $key);
|
Encryption\Keymanager::setFileKey($this->view, $util, $file, $this->userId, $key);
|
||||||
|
|
||||||
$this->assertTrue($this->view->file_exists('/' . $this->userId . '/files_encryption/keyfiles/' . $file . '.key'));
|
$this->assertTrue($this->view->file_exists('/' . $this->userId . '/files_encryption/keyfiles/' . $file . '.key'));
|
||||||
|
|
||||||
|
|
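Review bot: The test change in this section only adapts the existing `setFileKey()` call to the new signature, using a `Util` built from `$this->userId`, so the case the commit is about is not exercised in the lines shown: storing keys when the owner comes from the caller-supplied `Util` rather than the logged-in user. A companion case that constructs `Util` for a different owner and asserts the key file appears under that owner's `files_encryption/keyfiles/` directory would pin the new behaviour. `\OC_FileProxy::$enabled` is set to `false` here and its restoration is outside the hunk, so it is worth checking that `$proxyStatus` is restored even when an assertion fails. The test method starts and ends outside the hunk.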
|
@ -152,9 +152,6 @@ if (isset($path)) {
|
||||||
$tmpl->assign('sharingToken', $token);
|
$tmpl->assign('sharingToken', $token);
|
||||||
$tmpl->assign('disableSharing', true);
|
$tmpl->assign('disableSharing', true);
|
||||||
$allowPublicUploadEnabled = (bool) ($linkItem['permissions'] & OCP\PERMISSION_CREATE);
|
$allowPublicUploadEnabled = (bool) ($linkItem['permissions'] & OCP\PERMISSION_CREATE);
|
||||||
if (\OCP\App::isEnabled('files_encryption')) {
|
|
||||||
$allowPublicUploadEnabled = false;
|
|
||||||
}
|
|
||||||
if (OC_Appconfig::getValue('core', 'shareapi_allow_public_upload', 'yes') === 'no') {
|
if (OC_Appconfig::getValue('core', 'shareapi_allow_public_upload', 'yes') === 'no') {
|
||||||
$allowPublicUploadEnabled = false;
|
$allowPublicUploadEnabled = false;
|
||||||
}
|
}
|
||||||
|
|