From d7a9852f7b1ea7999f730fde8bd9816da68dad8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Schie=C3=9Fle?= Date: Thu, 6 Jun 2013 13:32:02 +0200 Subject: [PATCH] use pre_setPassword hook to update the encryption keys if the back-end doesn't support password change; improved output to let the admin know what happened --- apps/files_encryption/hooks/hooks.php | 9 ++++++++ apps/files_encryption/lib/helper.php | 1 + settings/ajax/changepassword.php | 30 +++++++++++++++++++-------- 3 files changed, 31 insertions(+), 9 deletions(-) diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index d1b08a0b97..c4b247da1e 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -141,6 +141,15 @@ class Hooks { \OC_FileProxy::$enabled = $proxyStatus; } + /** + * @brief If the password can't be changed within ownCloud, than update the key password in advance. + */ + public static function preSetPassphrase($params) { + if ( ! \OC_User::canUserChangePassword($params['uid']) ) { + self::setPassphrase($params); + } + } + /** * @brief Change a user's encryption passphrase * @param array $params keys: uid, password diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php index e078ab3554..184e178249 100755 --- a/apps/files_encryption/lib/helper.php +++ b/apps/files_encryption/lib/helper.php @@ -48,6 +48,7 @@ class Helper { \OCP\Util::connectHook('OC_User', 'post_login', 'OCA\Encryption\Hooks', 'login'); \OCP\Util::connectHook('OC_User', 'post_setPassword', 'OCA\Encryption\Hooks', 'setPassphrase'); + \OCP\Util::connectHook('OC_User', 'pre_setPassword', 'OCA\Encryption\Hooks', 'preSetPassphrase'); \OCP\Util::connectHook('OC_User', 'post_createUser', 'OCA\Encryption\Hooks', 'postCreateUser'); \OCP\Util::connectHook('OC_User', 'post_deleteUser', 'OCA\Encryption\Hooks', 'postDeleteUser'); } diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php index cb66c57c74..3087781055 100644 --- a/settings/ajax/changepassword.php +++ b/settings/ajax/changepassword.php @@ -28,17 +28,29 @@ if(is_null($userstatus)) { exit(); } -$util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), $username); $recoveryAdminEnabled = OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminEnabled' ); -$recoveryEnabledForUser = $util->recoveryEnabledForUser(); -if ($recoveryAdminEnabled && $recoveryEnabledForUser && $recoveryPassword == '') { + +$validRecoveryPassword = false; +$recoveryPasswordSupported = false; + +if ($recoveryAdminEnabled) { + $util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), $username); + $validRecoveryPassword = $util->checkRecoveryPassword($recoveryPassword); + $recoveryPasswordSupported = $util->recoveryEnabledForUser(); +} + +if ($recoveryPasswordSupported && $recoveryPassword == '') { OC_JSON::error(array("data" => array( "message" => "Please provide a admin recovery password, otherwise all user data will be lost" ))); -}elseif ( $recoveryPassword && ! $util->checkRecoveryPassword($recoveryPassword) ) { +} elseif ( $recoveryPasswordSupported && ! $validRecoveryPassword) { OC_JSON::error(array("data" => array( "message" => "Wrong admin recovery password. Please check the password and try again." ))); -}elseif(!is_null($password) && OC_User::setPassword( $username, $password, $recoveryPassword )) { - OC_JSON::success(array("data" => array( "username" => $username ))); -} -else{ - OC_JSON::error(array("data" => array( "message" => "Unable to change password" ))); +} else { // now we know that everything is file regarding the recovery password, let's try to change the password + $result = OC_User::setPassword($username, $password, $recoveryPassword); + if (!$result && $recoveryPasswordSupported) { + OC_JSON::error(array("data" => array( "message" => "Back-end doesn't support password change, but the users encryption key was successfully updated." ))); + } elseif (!$result && !$recoveryPasswordSupported) { + OC_JSON::error(array("data" => array( "message" => "Unable to change password" ))); + } else { + OC_JSON::success(array("data" => array( "username" => $username ))); + } }