Work on post_share hook for files_encryption
New method in OCP\Share{}:: getUsersSharingFile() Development shapshot
This commit is contained in:
parent
1aba986d9f
commit
b3e59ca1e3
|
@ -166,14 +166,77 @@ class Hooks {
|
|||
*/
|
||||
public static function postShared( $params ) {
|
||||
|
||||
// Delete existing catfile
|
||||
Keymanager::deleteFileKey( );
|
||||
// NOTE: $params is an array with these keys:
|
||||
// itemSource -> int, filecache file ID
|
||||
// shareWith -> string, uid of user being shared to
|
||||
// fileTarget -> path of file being shared
|
||||
// uidOwner -> owner of the original file being shared
|
||||
|
||||
// Generate new catfile and env keys
|
||||
Crypt::multiKeyEncrypt( $plainContent, $publicKeys );
|
||||
$view = new \OC_FilesystemView( '/' );
|
||||
$userId = \OCP\User::getUser();
|
||||
$util = new Util( $view, $userId );
|
||||
|
||||
$shares = \OCP\Share::getUsersSharingFile( $params['fileTarget'] );
|
||||
|
||||
$userIds = array();
|
||||
|
||||
foreach ( $shares as $share ) {
|
||||
|
||||
$util = new Util( $view, $share['userId'] );
|
||||
|
||||
// Check that the user is encryption capable
|
||||
if ( $util->ready() ) {
|
||||
|
||||
// Construct array of just UIDs for Keymanager{}
|
||||
$userIds[] = $share['userId'];
|
||||
|
||||
} else {
|
||||
|
||||
// Log warning; we can't do necessary setup here
|
||||
// because we don't have the user passphrase
|
||||
// TODO: Provide user feedback indicating that
|
||||
// sharing failed
|
||||
\OC_Log::write( 'Encryption library', 'File cannot be shared: user "'.$share['userId'].'" is not setup for encryption', \OC_Log::WARN );
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
trigger_error("UIDS = ".var_export($userIds, 1));
|
||||
|
||||
$userPubKeys = Keymanager::getPublicKeys( $view, $userIds );
|
||||
|
||||
// trigger_error("PUB KEYS = ".var_export($userPubKeys, 1));
|
||||
|
||||
// TODO: Fetch path from Crypt{} getter
|
||||
$plainContent = $view->file_get_contents( $userId . '/' . 'files'. '/' . $params['fileTarget'] );
|
||||
|
||||
// Generate new catfile and share keys
|
||||
if ( ! $encrypted = Crypt::multiKeyEncrypt( $plainContent, $userPubKeys ) ) {
|
||||
|
||||
// If the re-encryption failed, don't risk deleting data
|
||||
return false;
|
||||
|
||||
}
|
||||
|
||||
trigger_error("ENCRYPTED = ". var_export($encrypted, 1));
|
||||
|
||||
// Save env keys to user folders
|
||||
foreach ( $encrypted['keys'] as $key ) {
|
||||
|
||||
// Keymanager::setShareKey( $view, $params['fileTarget'], $userId, $key );
|
||||
|
||||
}
|
||||
|
||||
// Delete existing catfile
|
||||
// Check if keyfile exists (it won't if file has been shared before)
|
||||
// Do this last to ensure file is recoverable in case of error
|
||||
if ( $util->isEncryptedPath( $params['fileTarget'] ) ) {
|
||||
|
||||
// NOTE: This will trigger an error if keyfile isn't found
|
||||
// Keymanager::deleteFileKey( $params['fileTarget'] );
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -57,7 +57,7 @@ class Keymanager {
|
|||
}
|
||||
|
||||
/**
|
||||
* @brief retrieve both keys from a user (private and public)
|
||||
* @brief Retrieve a user's public and private key
|
||||
* @param \OC_FilesystemView $view
|
||||
* @param $userId
|
||||
* @return array keys: privateKey, publicKey
|
||||
|
@ -72,49 +72,26 @@ class Keymanager {
|
|||
}
|
||||
|
||||
/**
|
||||
* @brief Retrieve public keys of all users with access to a file
|
||||
* @param string $path Path to file
|
||||
* @return array of public keys for the given file
|
||||
* @note Checks that the sharing app is enabled should be performed
|
||||
* by client code, that isn't checked here
|
||||
* @brief Retrieve public keys for given users
|
||||
* @param \OC_FilesystemView $view
|
||||
* @param array $userIds
|
||||
* @return array of public keys for the specified users
|
||||
*/
|
||||
public static function getPublicKeys( \OC_FilesystemView $view, $userId, $filePath ) {
|
||||
public static function getPublicKeys( \OC_FilesystemView $view, $userIds ) {
|
||||
|
||||
$path = ltrim( $path, '/' );
|
||||
$i = 0;
|
||||
$keys = array();
|
||||
|
||||
$filepath = '/' . $userId . '/files/' . $filePath;
|
||||
foreach ( $userIds as $userId ) {
|
||||
|
||||
// Check if sharing is enabled
|
||||
if ( OC_App::isEnabled( 'files_sharing' ) ) {
|
||||
|
||||
|
||||
|
||||
} else {
|
||||
|
||||
// check if it is a file owned by the user and not shared at all
|
||||
$userview = new \OC_FilesystemView( '/'.$userId.'/files/' );
|
||||
|
||||
if ( $userview->file_exists( $path ) ) {
|
||||
|
||||
$users[] = $userId;
|
||||
$i++;
|
||||
$keys[$userId] = self::getPublicKey( $view, $userId );
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
$keys['total'] = $i;
|
||||
|
||||
$view = new \OC_FilesystemView( '/public-keys/' );
|
||||
|
||||
$keylist = array();
|
||||
|
||||
$count = 0;
|
||||
|
||||
foreach ( $users as $user ) {
|
||||
|
||||
$keylist['key'.++$count] = $view->file_get_contents( $user.'.public.key' );
|
||||
|
||||
}
|
||||
|
||||
return $keylist;
|
||||
return $keys;
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -95,7 +95,8 @@ class Proxy extends \OC_FileProxy {
|
|||
|
||||
if ( self::shouldEncrypt( $path ) ) {
|
||||
|
||||
if ( !is_resource( $data ) ) { //stream put contents should have been converted to fopen
|
||||
// Stream put contents should have been converted to fopen
|
||||
if ( !is_resource( $data ) ) {
|
||||
|
||||
$userId = \OCP\USER::getUser();
|
||||
|
||||
|
@ -107,10 +108,33 @@ class Proxy extends \OC_FileProxy {
|
|||
// Disable encryption proxy to prevent recursive calls
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
||||
// TODO: Check if file is shared, if so, use multiKeyEncrypt
|
||||
$fileOwner = \OC\Files\Filesystem::getOwner( $path );
|
||||
|
||||
// Encrypt plain data and fetch key
|
||||
$encrypted = Crypt::keyEncryptKeyfile( $data, Keymanager::getPublicKey( $rootView, $userId ) );
|
||||
// Check if the keyfile needs to be shared
|
||||
if (
|
||||
$fileOwner !== true
|
||||
or $fileOwner !== $userId
|
||||
) {
|
||||
|
||||
// Shared storage backend isn't loaded
|
||||
|
||||
$users = \OCP\Share::getItemShared( 'file', $path, \OC_Share_backend_File::FORMAT_SHARED_STORAGE );
|
||||
//
|
||||
trigger_error("SHARE USERS = ". var_export($users, 1));
|
||||
//
|
||||
// $publicKeys = Keymanager::getPublicKeys( $rootView, $users);
|
||||
//
|
||||
// // Encrypt plain data to multiple users
|
||||
// $encrypted = Crypt::multiKeyEncrypt( $data, $publicKeys );
|
||||
|
||||
} else {
|
||||
|
||||
$publicKey = Keymanager::getPublicKey( $rootView, $userId );
|
||||
|
||||
// Encrypt plain data to a single user
|
||||
$encrypted = Crypt::keyEncryptKeyfile( $data, $publicKey );
|
||||
|
||||
}
|
||||
|
||||
// Replace plain content with encrypted content by reference
|
||||
$data = $encrypted['data'];
|
||||
|
|
|
@ -92,6 +92,60 @@ class Share {
|
|||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Find which users can access a shared item
|
||||
* @param string Item type
|
||||
* @param int Format (optional) Format type must be defined by the backend
|
||||
* @param int Number of items to return (optional) Returns all by default
|
||||
* @return Return depends on format
|
||||
*/
|
||||
public static function getUsersSharingFile( $path ) {
|
||||
|
||||
// Fetch all shares of this file path from DB
|
||||
$query = \OC_DB::prepare(
|
||||
'SELECT
|
||||
share_type
|
||||
, share_with
|
||||
, permissions
|
||||
FROM
|
||||
`*PREFIX*share`
|
||||
WHERE
|
||||
file_target = ?'
|
||||
);
|
||||
|
||||
$result = $query->execute( array( $path ) );
|
||||
|
||||
if ( \OC_DB::isError( $result ) ) {
|
||||
|
||||
\OC_Log::write( 'OCP\Share', \OC_DB::getErrorMessage($result) . ', path=' . $path, \OC_Log::ERROR );
|
||||
|
||||
}
|
||||
|
||||
$shares = array();
|
||||
|
||||
while( $row = $result->fetchRow() ) {
|
||||
|
||||
// Set helpful array keys
|
||||
$shares[] = array(
|
||||
'userId' => $row['share_with']
|
||||
, 'shareType' => $row['share_type']
|
||||
, 'permissions' => $row['permissions']
|
||||
);
|
||||
|
||||
}
|
||||
|
||||
if ( ! empty( $shares ) ) {
|
||||
|
||||
return $shares;
|
||||
|
||||
} else {
|
||||
|
||||
return false;
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Get the items of item type shared with the current user
|
||||
* @param string Item type
|
||||
|
|
Loading…
Reference in New Issue