nextcloud/apps/files_encryption/tests/share.php

785 lines
29 KiB
PHP
Executable File

<?php
/**
* ownCloud
*
* @author Florin Peter
* @copyright 2013 Florin Peter <owncloud@florin-peter.de>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
require_once realpath( dirname( __FILE__ ) . '/../3rdparty/Crypt_Blowfish/Blowfish.php' );
require_once realpath( dirname( __FILE__ ) . '/../../../lib/base.php' );
require_once realpath( dirname( __FILE__ ) . '/../lib/crypt.php' );
require_once realpath( dirname( __FILE__ ) . '/../lib/keymanager.php' );
require_once realpath( dirname( __FILE__ ) . '/../lib/proxy.php' );
require_once realpath( dirname( __FILE__ ) . '/../lib/stream.php' );
require_once realpath( dirname( __FILE__ ) . '/../lib/util.php' );
require_once realpath( dirname( __FILE__ ) . '/../lib/helper.php' );
require_once realpath( dirname( __FILE__ ) . '/../appinfo/app.php' );
use OCA\Encryption;
/**
* Class Test_Encryption_Share
*/
class Test_Encryption_Share extends \PHPUnit_Framework_TestCase
{
public $stateFilesTrashbin;
public $filename;
public $dataShort;
/**
* @var OC_FilesystemView
*/
public $view;
public $folder1;
public $subfolder;
public $subsubfolder;
public static function setUpBeforeClass() {
// reset backend
\OC_User::clearBackends();
\OC_User::useBackend( 'database' );
// enable resharing
\OC_Appconfig::setValue( 'core', 'shareapi_allow_resharing', 'yes' );
// clear share hooks
\OC_Hook::clear( 'OCP\\Share' );
\OC::registerShareHooks();
\OCP\Util::connectHook( 'OC_Filesystem', 'setup', '\OC\Files\Storage\Shared', 'setup' );
// Sharing related hooks
\OCA\Encryption\Helper::registerShareHooks();
// Filesystem related hooks
\OCA\Encryption\Helper::registerFilesystemHooks();
// clear and register hooks
\OC_FileProxy::clearProxies();
\OC_FileProxy::register( new OCA\Encryption\Proxy() );
// create users
\Test_Encryption_Share::loginHelper( 'user1', true );
\Test_Encryption_Share::loginHelper( 'user2', true );
\Test_Encryption_Share::loginHelper( 'user3', true );
// create group and assign users
\OC_Group::createGroup( 'group1' );
\OC_Group::addToGroup( 'user2', 'group1' );
\OC_Group::addToGroup( 'user3', 'group1' );
}
function setUp() {
$this->dataShort = 'hats';
$this->view = new \OC_FilesystemView( '/' );
$userHome = \OC_User::getHome( 'admin' );
$this->dataDir = str_replace( '/admin', '', $userHome );
$this->folder1 = '/folder1';
$this->subfolder = '/subfolder1';
$this->subsubfolder = '/subsubfolder1';
$this->filename = 'share-tmp.test';
// we don't want to tests with app files_trashbin enabled
\OC_App::disable( 'files_trashbin' );
// remember files_trashbin state
$this->stateFilesTrashbin = OC_App::isEnabled( 'files_trashbin' );
}
function tearDown() {
// reset app files_trashbin
if ( $this->stateFilesTrashbin ) {
OC_App::enable( 'files_trashbin' );
} else {
OC_App::disable( 'files_trashbin' );
}
}
public static function tearDownAfterClass() {
// clean group
\OC_Group::deleteGroup( 'group1' );
// cleanup users
\OC_User::deleteUser( 'user1' );
\OC_User::deleteUser( 'user2' );
\OC_User::deleteUser( 'user3' );
}
/**
* @param bool $withTeardown
*/
function testShareFile( $withTeardown = true ) {
// login as admin
$this->loginHelper( 'admin' );
// save file with content
$cryptedFile = file_put_contents( 'crypt://' . $this->filename, $this->dataShort );
// test that data was successfully written
$this->assertTrue( is_int( $cryptedFile ) );
// disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
// get the file info from previous created file
$fileInfo = $this->view->getFileInfo( '/admin/files/' . $this->filename );
// check if we have a valid file info
$this->assertTrue( is_array( $fileInfo ) );
// check if the unencrypted file size is stored
$this->assertGreaterThan( 0, $fileInfo['unencrypted_size'] );
// re-enable the file proxy
\OC_FileProxy::$enabled = $proxyStatus;
// share the file
\OCP\Share::shareItem( 'file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user1', OCP\PERMISSION_ALL );
// login as admin
$this->loginHelper( 'admin' );
// check if share key for user1 exists
$this->assertTrue( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->filename . '.user1.shareKey' ) );
// login as user1
$this->loginHelper( 'user1' );
// get file contents
$retrievedCryptedFile = $this->view->file_get_contents( '/user1/files/Shared/' . $this->filename );
// check if data is the same as we previously written
$this->assertEquals( $this->dataShort, $retrievedCryptedFile );
// cleanup
if ( $withTeardown ) {
// login as admin
$this->loginHelper( 'admin' );
// unshare the file
\OCP\Share::unshare( 'file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user1' );
// check if share key not exists
$this->assertFalse( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->filename . '.user1.shareKey' ) );
// cleanup
$this->view->unlink( '/admin/files/' . $this->filename );
// check if share key not exists
$this->assertFalse( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->filename . '.admin.shareKey' ) );
}
}
/**
* @param bool $withTeardown
*/
function testReShareFile( $withTeardown = true ) {
$this->testShareFile( false );
// login as user1
$this->loginHelper( 'user1' );
// get the file info
$fileInfo = $this->view->getFileInfo( '/user1/files/Shared/' . $this->filename );
// share the file with user2
\OCP\Share::shareItem( 'file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user2', OCP\PERMISSION_ALL );
// login as admin
$this->loginHelper( 'admin' );
// check if share key for user2 exists
$this->assertTrue( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->filename . '.user2.shareKey' ) );
// login as user2
$this->loginHelper( 'user2' );
// get file contents
$retrievedCryptedFile = $this->view->file_get_contents( '/user2/files/Shared/' . $this->filename );
// check if data is the same as previously written
$this->assertEquals( $this->dataShort, $retrievedCryptedFile );
// cleanup
if ( $withTeardown ) {
// login as user1
$this->loginHelper( 'user1' );
// unshare the file with user2
\OCP\Share::unshare( 'file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user2' );
// login as admin
$this->loginHelper( 'admin' );
// check if share key not exists
$this->assertFalse( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->filename . '.user2.shareKey' ) );
// unshare the file with user1
\OCP\Share::unshare( 'file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user1' );
// check if share key not exists
$this->assertFalse( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->filename . '.user1.shareKey' ) );
// cleanup
$this->view->unlink( '/admin/files/' . $this->filename );
// check if share key not exists
$this->assertFalse( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->filename . '.admin.shareKey' ) );
}
}
/**
* @param bool $withTeardown
* @return array
*/
function testShareFolder( $withTeardown = true ) {
// login as admin
$this->loginHelper( 'admin' );
// create folder structure
$this->view->mkdir( '/admin/files' . $this->folder1 );
$this->view->mkdir( '/admin/files' . $this->folder1 . $this->subfolder );
$this->view->mkdir( '/admin/files' . $this->folder1 . $this->subfolder . $this->subsubfolder );
// save file with content
$cryptedFile = file_put_contents( 'crypt://' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename, $this->dataShort );
// test that data was successfully written
$this->assertTrue( is_int( $cryptedFile ) );
// disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
// get the file info from previous created folder
$fileInfo = $this->view->getFileInfo( '/admin/files' . $this->folder1 );
// check if we have a valid file info
$this->assertTrue( is_array( $fileInfo ) );
// re-enable the file proxy
\OC_FileProxy::$enabled = $proxyStatus;
// share the folder with user1
\OCP\Share::shareItem( 'folder', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user1', OCP\PERMISSION_ALL );
// login as admin
$this->loginHelper( 'admin' );
// check if share key for user1 exists
$this->assertTrue( $this->view->file_exists( '/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user1.shareKey' ) );
// login as user1
$this->loginHelper( 'user1' );
// get file contents
$retrievedCryptedFile = $this->view->file_get_contents( '/user1/files/Shared' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename );
// check if data is the same
$this->assertEquals( $this->dataShort, $retrievedCryptedFile );
// cleanup
if ( $withTeardown ) {
// login as admin
$this->loginHelper( 'admin' );
// unshare the folder with user1
\OCP\Share::unshare( 'folder', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user1' );
// check if share key not exists
$this->assertFalse( $this->view->file_exists( '/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user1.shareKey' ) );
// cleanup
$this->view->unlink( '/admin/files' . $this->folder1 );
// check if share key not exists
$this->assertFalse( $this->view->file_exists( '/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.admin.shareKey' ) );
}
return $fileInfo;
}
/**
* @param bool $withTeardown
*/
function testReShareFolder( $withTeardown = true ) {
$fileInfoFolder1 = $this->testShareFolder( false );
// login as user1
$this->loginHelper( 'user1' );
// disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
// get the file info from previous created folder
$fileInfoSubFolder = $this->view->getFileInfo( '/user1/files/Shared' . $this->folder1 . $this->subfolder );
// check if we have a valid file info
$this->assertTrue( is_array( $fileInfoSubFolder ) );
// re-enable the file proxy
\OC_FileProxy::$enabled = $proxyStatus;
// share the file with user2
\OCP\Share::shareItem( 'folder', $fileInfoSubFolder['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user2', OCP\PERMISSION_ALL );
// login as admin
$this->loginHelper( 'admin' );
// check if share key for user2 exists
$this->assertTrue( $this->view->file_exists( '/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user2.shareKey' ) );
// login as user2
$this->loginHelper( 'user2' );
// get file contents
$retrievedCryptedFile = $this->view->file_get_contents( '/user2/files/Shared' . $this->subfolder . $this->subsubfolder . '/' . $this->filename );
// check if data is the same
$this->assertEquals( $this->dataShort, $retrievedCryptedFile );
// get the file info
$fileInfo = $this->view->getFileInfo( '/user2/files/Shared' . $this->subfolder . $this->subsubfolder . '/' . $this->filename );
// check if we have fileInfos
$this->assertTrue( is_array( $fileInfo ) );
// share the file with user3
\OCP\Share::shareItem( 'file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user3', OCP\PERMISSION_ALL );
// login as admin
$this->loginHelper( 'admin' );
// check if share key for user3 exists
$this->assertTrue( $this->view->file_exists( '/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user3.shareKey' ) );
// login as user3
$this->loginHelper( 'user3' );
// get file contents
$retrievedCryptedFile = $this->view->file_get_contents( '/user3/files/Shared/' . $this->filename );
// check if data is the same
$this->assertEquals( $this->dataShort, $retrievedCryptedFile );
// cleanup
if ( $withTeardown ) {
// login as user2
$this->loginHelper( 'user2' );
// unshare the file with user3
\OCP\Share::unshare( 'file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user3' );
// check if share key not exists
$this->assertFalse( $this->view->file_exists( '/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user3.shareKey' ) );
// login as user1
$this->loginHelper( 'user1' );
// unshare the folder with user2
\OCP\Share::unshare( 'folder', $fileInfoSubFolder['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user2' );
// check if share key not exists
$this->assertFalse( $this->view->file_exists( '/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user2.shareKey' ) );
// login as admin
$this->loginHelper( 'admin' );
// unshare the folder1 with user1
\OCP\Share::unshare( 'folder', $fileInfoFolder1['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user1' );
// check if share key not exists
$this->assertFalse( $this->view->file_exists( '/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user1.shareKey' ) );
// cleanup
$this->view->unlink( '/admin/files' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename );
// check if share key not exists
$this->assertFalse( $this->view->file_exists( '/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.admin.shareKey' ) );
}
}
function testPublicShareFile() {
// login as admin
$this->loginHelper( 'admin' );
// save file with content
$cryptedFile = file_put_contents( 'crypt://' . $this->filename, $this->dataShort );
// test that data was successfully written
$this->assertTrue( is_int( $cryptedFile ) );
// disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
// get the file info from previous created file
$fileInfo = $this->view->getFileInfo( '/admin/files/' . $this->filename );
// check if we have a valid file info
$this->assertTrue( is_array( $fileInfo ) );
// check if the unencrypted file size is stored
$this->assertGreaterThan( 0, $fileInfo['unencrypted_size'] );
// re-enable the file proxy
\OC_FileProxy::$enabled = $proxyStatus;
// share the file
\OCP\Share::shareItem( 'file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_LINK, false, OCP\PERMISSION_ALL );
// login as admin
$this->loginHelper( 'admin' );
$publicShareKeyId = \OC_Appconfig::getValue( 'files_encryption', 'publicShareKeyId' );
// check if share key for public exists
$this->assertTrue( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->filename . '.' . $publicShareKeyId . '.shareKey' ) );
// some hacking to simulate public link
$GLOBALS['app'] = 'files_sharing';
$GLOBALS['fileOwner'] = 'admin';
\OC_User::setUserId( '' );
// get file contents
$retrievedCryptedFile = file_get_contents( 'crypt://' . $this->filename );
// check if data is the same as we previously written
$this->assertEquals( $this->dataShort, $retrievedCryptedFile );
// tear down
// login as admin
$this->loginHelper( 'admin' );
// unshare the file
\OCP\Share::unshare( 'file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_LINK, null );
// check if share key not exists
$this->assertFalse( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->filename . '.' . $publicShareKeyId . '.shareKey' ) );
// cleanup
$this->view->unlink( '/admin/files/' . $this->filename );
// check if share key not exists
$this->assertFalse( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->filename . '.admin.shareKey' ) );
}
function testShareFileWithGroup() {
// login as admin
$this->loginHelper( 'admin' );
// save file with content
$cryptedFile = file_put_contents( 'crypt://' . $this->filename, $this->dataShort );
// test that data was successfully written
$this->assertTrue( is_int( $cryptedFile ) );
// disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
// get the file info from previous created file
$fileInfo = $this->view->getFileInfo( '/admin/files/' . $this->filename );
// check if we have a valid file info
$this->assertTrue( is_array( $fileInfo ) );
// check if the unencrypted file size is stored
$this->assertGreaterThan( 0, $fileInfo['unencrypted_size'] );
// re-enable the file proxy
\OC_FileProxy::$enabled = $proxyStatus;
// share the file
\OCP\Share::shareItem( 'file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, 'group1', OCP\PERMISSION_ALL );
// login as admin
$this->loginHelper( 'admin' );
// check if share key for user2 and user3 exists
$this->assertTrue( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->filename . '.user2.shareKey' ) );
$this->assertTrue( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->filename . '.user3.shareKey' ) );
// login as user1
$this->loginHelper( 'user2' );
// get file contents
$retrievedCryptedFile = $this->view->file_get_contents( '/user2/files/Shared/' . $this->filename );
// check if data is the same as we previously written
$this->assertEquals( $this->dataShort, $retrievedCryptedFile );
// login as admin
$this->loginHelper( 'admin' );
// unshare the file
\OCP\Share::unshare( 'file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, 'group1' );
// check if share key not exists
$this->assertFalse( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->filename . '.user2.shareKey' ) );
$this->assertFalse( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->filename . '.user3.shareKey' ) );
// cleanup
$this->view->unlink( '/admin/files/' . $this->filename );
// check if share key not exists
$this->assertFalse( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->filename . '.admin.shareKey' ) );
}
function testRecoveryFile() {
// login as admin
$this->loginHelper( 'admin' );
\OCA\Encryption\Helper::adminEnableRecovery( null, 'test123' );
$recoveryKeyId = OC_Appconfig::getValue( 'files_encryption', 'recoveryKeyId' );
// check if control file created
$this->assertTrue( $this->view->file_exists( '/control-file/controlfile.enc' ) );
// login as admin
$this->loginHelper( 'admin' );
$util = new \OCA\Encryption\Util( new \OC_FilesystemView( '/' ), 'admin' );
// check if recovery password match
$this->assertTrue( $util->checkRecoveryPassword( 'test123' ) );
// enable recovery for admin
$this->assertTrue( $util->setRecoveryForUser( 1 ) );
// create folder structure
$this->view->mkdir( '/admin/files' . $this->folder1 );
$this->view->mkdir( '/admin/files' . $this->folder1 . $this->subfolder );
$this->view->mkdir( '/admin/files' . $this->folder1 . $this->subfolder . $this->subsubfolder );
// save file with content
$cryptedFile1 = file_put_contents( 'crypt://' . $this->filename, $this->dataShort );
$cryptedFile2 = file_put_contents( 'crypt://' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename, $this->dataShort );
// test that data was successfully written
$this->assertTrue( is_int( $cryptedFile1 ) );
$this->assertTrue( is_int( $cryptedFile2 ) );
// check if share key for admin and recovery exists
$this->assertTrue( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->filename . '.admin.shareKey' ) );
$this->assertTrue( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->filename . '.' . $recoveryKeyId . '.shareKey' ) );
$this->assertTrue( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.admin.shareKey' ) );
$this->assertTrue( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.' . $recoveryKeyId . '.shareKey' ) );
// disable recovery for admin
$this->assertTrue( $util->setRecoveryForUser( 0 ) );
// remove all recovery keys
$util->removeRecoveryKeys( '/' );
// check if share key for recovery not exists
$this->assertFalse( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->filename . '.' . $recoveryKeyId . '.shareKey' ) );
$this->assertFalse( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.' . $recoveryKeyId . '.shareKey' ) );
// enable recovery for admin
$this->assertTrue( $util->setRecoveryForUser( 1 ) );
// remove all recovery keys
$util->addRecoveryKeys( '/' );
// check if share key for admin and recovery exists
$this->assertTrue( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->filename . '.' . $recoveryKeyId . '.shareKey' ) );
$this->assertTrue( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.' . $recoveryKeyId . '.shareKey' ) );
// cleanup
$this->view->unlink( '/admin/files/' . $this->filename );
$this->view->unlink( '/admin/files/' . $this->folder1 );
// check if share key for recovery not exists
$this->assertFalse( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->filename . '.' . $recoveryKeyId . '.shareKey' ) );
$this->assertFalse( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.' . $recoveryKeyId . '.shareKey' ) );
$this->assertTrue( \OCA\Encryption\Helper::adminEnableRecovery( null, 'test123' ) );
$this->assertTrue( \OCA\Encryption\Helper::adminDisableRecovery( 'test123' ) );
$this->assertEquals( 0, \OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminEnabled' ) );
}
function testRecoveryForUser() {
// login as admin
$this->loginHelper( 'admin' );
\OCA\Encryption\Helper::adminEnableRecovery( null, 'test123' );
$recoveryKeyId = OC_Appconfig::getValue( 'files_encryption', 'recoveryKeyId' );
// check if control file created
$this->assertTrue( $this->view->file_exists( '/control-file/controlfile.enc' ) );
// login as user1
$this->loginHelper( 'user1' );
$util = new \OCA\Encryption\Util( new \OC_FilesystemView( '/' ), 'user1' );
// enable recovery for admin
$this->assertTrue( $util->setRecoveryForUser( 1 ) );
// create folder structure
$this->view->mkdir( '/user1/files' . $this->folder1 );
$this->view->mkdir( '/user1/files' . $this->folder1 . $this->subfolder );
$this->view->mkdir( '/user1/files' . $this->folder1 . $this->subfolder . $this->subsubfolder );
// save file with content
$cryptedFile1 = file_put_contents( 'crypt://' . $this->filename, $this->dataShort );
$cryptedFile2 = file_put_contents( 'crypt://' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename, $this->dataShort );
// test that data was successfully written
$this->assertTrue( is_int( $cryptedFile1 ) );
$this->assertTrue( is_int( $cryptedFile2 ) );
// check if share key for user and recovery exists
$this->assertTrue( $this->view->file_exists( '/user1/files_encryption/share-keys/' . $this->filename . '.user1.shareKey' ) );
$this->assertTrue( $this->view->file_exists( '/user1/files_encryption/share-keys/' . $this->filename . '.' . $recoveryKeyId . '.shareKey' ) );
$this->assertTrue( $this->view->file_exists( '/user1/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user1.shareKey' ) );
$this->assertTrue( $this->view->file_exists( '/user1/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.' . $recoveryKeyId . '.shareKey' ) );
// login as admin
$this->loginHelper( 'admin' );
// change password
\OC_User::setPassword( 'user1', 'test', 'test123' );
// login as user1
$this->loginHelper( 'user1', false, 'test' );
// get file contents
$retrievedCryptedFile1 = file_get_contents( 'crypt://' . $this->filename );
$retrievedCryptedFile2 = file_get_contents( 'crypt://' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename );
// check if data is the same as we previously written
$this->assertEquals( $this->dataShort, $retrievedCryptedFile1 );
$this->assertEquals( $this->dataShort, $retrievedCryptedFile2 );
// cleanup
$this->view->unlink( '/user1/files' . $this->folder1 );
$this->view->unlink( '/user1/files' . $this->filename );
// check if share key for user and recovery exists
$this->assertFalse( $this->view->file_exists( '/user1/files_encryption/share-keys/' . $this->filename . '.user1.shareKey' ) );
$this->assertFalse( $this->view->file_exists( '/user1/files_encryption/share-keys/' . $this->filename . '.' . $recoveryKeyId . '.shareKey' ) );
$this->assertFalse( $this->view->file_exists( '/user1/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user1.shareKey' ) );
$this->assertFalse( $this->view->file_exists( '/user1/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.' . $recoveryKeyId . '.shareKey' ) );
// enable recovery for admin
$this->assertTrue( $util->setRecoveryForUser( 0 ) );
\OCA\Encryption\Helper::adminDisableRecovery( 'test123' );
$this->assertEquals( 0, \OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminEnabled' ) );
}
function testFailShareFile() {
// login as admin
$this->loginHelper( 'admin' );
// save file with content
$cryptedFile = file_put_contents( 'crypt://' . $this->filename, $this->dataShort );
// test that data was successfully written
$this->assertTrue( is_int( $cryptedFile ) );
// disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
// get the file info from previous created file
$fileInfo = $this->view->getFileInfo( '/admin/files/' . $this->filename );
// check if we have a valid file info
$this->assertTrue( is_array( $fileInfo ) );
// check if the unencrypted file size is stored
$this->assertGreaterThan( 0, $fileInfo['unencrypted_size'] );
// break users public key
$this->view->rename( '/public-keys/user2.public.key', '/public-keys/user2.public.key_backup' );
// re-enable the file proxy
\OC_FileProxy::$enabled = $proxyStatus;
// share the file
\OCP\Share::shareItem( 'file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, 'group1', OCP\PERMISSION_ALL );
// login as admin
$this->loginHelper( 'admin' );
// check if share key for user1 not exists
$this->assertFalse( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->filename . '.user2.shareKey' ) );
// disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
// break user1 public key
$this->view->rename( '/public-keys/user2.public.key_backup', '/public-keys/user2.public.key' );
// remove share file
$this->view->unlink( '/admin/files_encryption/share-keys/' . $this->filename . '.user2.shareKey' );
// re-enable the file proxy
\OC_FileProxy::$enabled = $proxyStatus;
// unshare the file with user1
\OCP\Share::unshare( 'file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, 'group1' );
// check if share key not exists
$this->assertFalse( $this->view->file_exists( '/admin/files_encryption/share-keys/' . $this->filename . '.user2.shareKey' ) );
// cleanup
$this->view->unlink( '/admin/files/' . $this->filename );
}
/**
* @param $user
* @param bool $create
* @param bool $password
*/
public static function loginHelper( $user, $create = false, $password = false ) {
if ( $create ) {
\OC_User::createUser( $user, $user );
}
if ( $password === false ) {
$password = $user;
}
\OC_Util::tearDownFS();
\OC_User::setUserId( '' );
\OC\Files\Filesystem::tearDown();
\OC_Util::setupFS( $user );
\OC_User::setUserId( $user );
$params['uid'] = $user;
$params['password'] = $password;
OCA\Encryption\Hooks::login( $params );
}
}