Only prevent disabling encrytion via the API

Signed-off-by: Joas Schilling <coding@schilljs.com>

apps/provisioning_api/lib/Controller/AppConfigController.php

@@ -106,7 +106,7 @@ class AppConfigController extends OCSController {
 	public function setValue(string $app, string $key, string $value): DataResponse {
 		try {
 			$this->verifyAppId($app);
-			$this->verifyConfigKey($app, $key);
+			$this->verifyConfigKey($app, $key, $value);
 		} catch (\InvalidArgumentException $e) {
 			return new DataResponse(['data' => ['message' => $e->getMessage()]], Http::STATUS_FORBIDDEN);
 		}
@@ -124,7 +124,7 @@ class AppConfigController extends OCSController {
 	public function deleteKey(string $app, string $key): DataResponse {
 		try {
 			$this->verifyAppId($app);
-			$this->verifyConfigKey($app, $key);
+			$this->verifyConfigKey($app, $key, '');
 		} catch (\InvalidArgumentException $e) {
 			return new DataResponse(['data' => ['message' => $e->getMessage()]], Http::STATUS_FORBIDDEN);
 		}
@@ -146,14 +146,19 @@ class AppConfigController extends OCSController {
 	/**
 	 * @param string $app
 	 * @param string $key
+	 * @param string $value
 	 * @throws \InvalidArgumentException
 	 */
-	protected function verifyConfigKey(string $app, string $key) {
+	protected function verifyConfigKey(string $app, string $key, string $value) {
 		if (in_array($key, ['installed_version', 'enabled', 'types'])) {
 			throw new \InvalidArgumentException('The given key can not be set');
 		}
 
-		if ($app === 'core' && ($key === 'encryption_enabled' || strpos($key, 'public_') === 0 || strpos($key, 'remote_') === 0)) {
+		if ($app === 'core' && $key === 'encryption_enabled' && $value !== 'yes') {
+			throw new \InvalidArgumentException('The given key can not be set');
+		}
+
+		if ($app === 'core' && (strpos($key, 'public_') === 0 || strpos($key, 'remote_') === 0)) {
 			throw new \InvalidArgumentException('The given key can not be set');
 		}
 	}

apps/provisioning_api/tests/Controller/AppConfigControllerTest.php

@@ -342,9 +342,10 @@ class AppConfigControllerTest extends TestCase {
 
 	public function dataVerifyConfigKey() {
 		return [
-			['activity', 'abc'],
-			['dav', 'public_route'],
-			['files', 'remote_route'],
+			['activity', 'abc', ''],
+			['dav', 'public_route', ''],
+			['files', 'remote_route', ''],
+			['core', 'encryption_enabled', 'yes'],
 		];
 	}
 
@@ -352,22 +353,25 @@ class AppConfigControllerTest extends TestCase {
 	 * @dataProvider dataVerifyConfigKey
 	 * @param string $app
 	 * @param string $key
+	 * @param string $value
 	 */
-	public function testVerifyConfigKey($app, $key) {
+	public function testVerifyConfigKey($app, $key, $value) {
 		$api = $this->getInstance();
-		$this->invokePrivate($api, 'verifyConfigKey', [$app, $key]);
+		$this->invokePrivate($api, 'verifyConfigKey', [$app, $key, $value]);
 		$this->addToAssertionCount(1);
 	}
 
 	public function dataVerifyConfigKeyThrows() {
 		return [
-			['activity', 'installed_version'],
-			['calendar', 'enabled'],
-			['contacts', 'types'],
-			['core', 'public_files'],
-			['core', 'public_dav'],
-			['core', 'remote_files'],
-			['core', 'remote_dav'],
+			['activity', 'installed_version', ''],
+			['calendar', 'enabled', ''],
+			['contacts', 'types', ''],
+			['core', 'encryption_enabled', 'no'],
+			['core', 'encryption_enabled', ''],
+			['core', 'public_files', ''],
+			['core', 'public_dav', ''],
+			['core', 'remote_files', ''],
+			['core', 'remote_dav', ''],
 		];
 	}
 
@@ -376,9 +380,10 @@ class AppConfigControllerTest extends TestCase {
 	 * @expectedException \InvalidArgumentException
 	 * @param string $app
 	 * @param string $key
+	 * @param string $value
 	 */
-	public function testVerifyConfigKeyThrows($app, $key) {
+	public function testVerifyConfigKeyThrows($app, $key, $value) {
 		$api = $this->getInstance();
-		$this->invokePrivate($api, 'verifyConfigKey', [$app, $key]);
+		$this->invokePrivate($api, 'verifyConfigKey', [$app, $key, $value]);
 	}
 }