2012-08-14 18:06:56 +00:00
< ? php
2013-01-24 18:37:34 +00:00
2012-08-14 18:06:56 +00:00
/**
* ownCloud
*
* @ author Sam Tuke
* @ copyright 2012 Sam Tuke samtuke @ owncloud . org
*
* This library is free software ; you can redistribute it and / or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation ; either
* version 3 of the License , or any later version .
*
* This library is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details .
*
* You should have received a copy of the GNU Affero General Public
* License along with this library . If not , see < http :// www . gnu . org / licenses />.
*
*/
2012-10-17 15:35:19 +00:00
namespace OCA\Encryption ;
2012-08-14 18:06:56 +00:00
2013-05-05 21:41:42 +00:00
use OC\Files\Filesystem ;
2012-08-14 18:06:56 +00:00
/**
* Class for hook specific logic
*/
class Hooks {
2013-01-24 18:37:34 +00:00
// TODO: use passphrase for encrypting private key that is separate to
// the login password
2012-08-14 18:06:56 +00:00
/**
* @ brief Startup encryption backend upon user login
* @ note This method should never be called for users using client side encryption
*/
2013-05-27 15:26:58 +00:00
public static function login ( $params ) {
2013-06-21 08:37:51 +00:00
$l = new \OC_L10N ( 'files_encryption' );
2013-07-01 10:16:36 +00:00
//check if all requirements are met
if ( ! Helper :: checkRequirements () ) {
$error_msg = $l -> t ( " Missing requirements. " );
2013-07-04 12:50:07 +00:00
$hint = $l -> t ( 'Please make sure that PHP 5.3.3 or newer is installed and that the OpenSSL PHP extension is enabled and configured properly. For now, the encryption app has been disabled.' );
2013-06-21 08:37:51 +00:00
\OC_App :: disable ( 'files_encryption' );
\OCP\Util :: writeLog ( 'Encryption library' , $error_msg . ' ' . $hint , \OCP\Util :: ERROR );
\OCP\Template :: printErrorPage ( $error_msg , $hint );
}
2012-08-14 18:06:56 +00:00
2013-05-27 15:26:58 +00:00
$view = new \OC_FilesystemView ( '/' );
2013-05-31 09:55:40 +00:00
// ensure filesystem is loaded
if ( ! \OC\Files\Filesystem :: $loaded ) {
\OC_Util :: setupFS ( $params [ 'uid' ]);
}
2013-05-27 15:26:58 +00:00
$util = new Util ( $view , $params [ 'uid' ]);
// setup user, if user not ready force relogin
if ( Helper :: setupUser ( $util , $params [ 'password' ]) === false ) {
return false ;
}
$encryptedKey = Keymanager :: getPrivateKey ( $view , $params [ 'uid' ]);
2013-02-05 16:09:01 +00:00
2013-06-03 12:19:31 +00:00
$privateKey = Crypt :: decryptPrivateKey ( $encryptedKey , $params [ 'password' ]);
2013-05-31 11:58:58 +00:00
2013-06-03 16:42:13 +00:00
if ( $privateKey === false ) {
\OCP\Util :: writeLog ( 'Encryption library' , 'Private key for user "' . $params [ 'uid' ]
. '" is not valid! Maybe the user password was changed from outside if so please change it back to gain access' , \OCP\Util :: ERROR );
2013-05-31 11:58:58 +00:00
}
2013-05-29 07:21:00 +00:00
$session = new \OCA\Encryption\Session ( $view );
2013-05-27 15:26:58 +00:00
2013-06-03 13:26:58 +00:00
$session -> setPrivateKey ( $privateKey );
2013-05-15 12:33:08 +00:00
2013-05-04 14:14:38 +00:00
// Check if first-run file migration has already been performed
2013-06-12 10:21:11 +00:00
$ready = false ;
if ( $util -> getMigrationStatus () === Util :: MIGRATION_OPEN ) {
$ready = $util -> beginMigration ();
}
2013-05-27 15:26:58 +00:00
2013-05-04 14:14:38 +00:00
// If migration not yet done
2013-06-11 10:03:50 +00:00
if ( $ready ) {
2013-05-27 15:26:58 +00:00
$userView = new \OC_FilesystemView ( '/' . $params [ 'uid' ]);
2013-05-04 14:14:38 +00:00
// Set legacy encryption key if it exists, to support
// depreciated encryption system
2013-05-20 19:24:39 +00:00
if (
2013-05-27 15:26:58 +00:00
$userView -> file_exists ( 'encryption.key' )
&& $encLegacyKey = $userView -> file_get_contents ( 'encryption.key' )
2013-05-04 14:14:38 +00:00
) {
2013-05-29 07:21:00 +00:00
2013-05-30 23:35:48 +00:00
$plainLegacyKey = Crypt :: legacyDecrypt ( $encLegacyKey , $params [ 'password' ]);
2013-05-29 07:21:00 +00:00
2013-05-27 15:26:58 +00:00
$session -> setLegacyKey ( $plainLegacyKey );
2013-05-29 07:21:00 +00:00
2013-05-04 14:14:38 +00:00
}
2013-05-29 07:21:00 +00:00
2013-05-04 14:14:38 +00:00
// Encrypt existing user files:
// This serves to upgrade old versions of the encryption
// app (see appinfo/spec.txt)
if (
2013-05-27 15:26:58 +00:00
$util -> encryptAll ( '/' . $params [ 'uid' ] . '/' . 'files' , $session -> getLegacyKey (), $params [ 'password' ])
2013-05-04 14:14:38 +00:00
) {
2013-05-27 15:26:58 +00:00
\OC_Log :: write (
2013-05-04 14:14:38 +00:00
'Encryption library' , 'Encryption of existing files belonging to "' . $params [ 'uid' ] . '" completed'
2013-05-27 15:26:58 +00:00
, \OC_Log :: INFO
2013-05-04 14:14:38 +00:00
);
2013-05-27 15:26:58 +00:00
2013-05-04 14:14:38 +00:00
}
2013-05-17 09:15:36 +00:00
2013-05-04 14:14:38 +00:00
// Register successful migration in DB
2013-06-11 10:03:50 +00:00
$util -> finishMigration ();
2013-05-27 15:26:58 +00:00
2013-05-04 14:14:38 +00:00
}
2012-08-14 18:06:56 +00:00
return true ;
}
2013-05-13 20:34:11 +00:00
2013-05-27 15:26:58 +00:00
/**
* @ brief setup encryption backend upon user created
* @ note This method should never be called for users using client side encryption
*/
public static function postCreateUser ( $params ) {
$view = new \OC_FilesystemView ( '/' );
2013-05-13 20:34:11 +00:00
2013-05-27 15:26:58 +00:00
$util = new Util ( $view , $params [ 'uid' ]);
2013-05-13 20:34:11 +00:00
2013-05-27 15:26:58 +00:00
Helper :: setupUser ( $util , $params [ 'password' ]);
}
2013-05-13 20:34:11 +00:00
2013-05-27 15:26:58 +00:00
/**
* @ brief cleanup encryption backend upon user deleted
* @ note This method should never be called for users using client side encryption
*/
public static function postDeleteUser ( $params ) {
$view = new \OC_FilesystemView ( '/' );
2013-05-13 20:49:27 +00:00
2013-05-27 15:26:58 +00:00
// cleanup public key
$publicKey = '/public-keys/' . $params [ 'uid' ] . '.public.key' ;
2013-05-13 20:49:27 +00:00
2013-05-27 15:26:58 +00:00
// Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy :: $enabled ;
\OC_FileProxy :: $enabled = false ;
2013-05-13 20:49:27 +00:00
2013-05-27 15:26:58 +00:00
$view -> unlink ( $publicKey );
2013-05-13 20:49:27 +00:00
2013-05-27 15:26:58 +00:00
\OC_FileProxy :: $enabled = $proxyStatus ;
}
2013-05-13 20:49:27 +00:00
2013-06-06 11:32:02 +00:00
/**
* @ brief If the password can ' t be changed within ownCloud , than update the key password in advance .
*/
public static function preSetPassphrase ( $params ) {
if ( ! \OC_User :: canUserChangePassword ( $params [ 'uid' ]) ) {
self :: setPassphrase ( $params );
}
}
2013-05-27 15:26:58 +00:00
/**
2012-12-11 13:22:46 +00:00
* @ brief Change a user ' s encryption passphrase
* @ param array $params keys : uid , password
*/
2013-05-16 12:53:04 +00:00
public static function setPassphrase ( $params ) {
2012-12-11 13:22:46 +00:00
// Only attempt to change passphrase if server-side encryption
2013-05-31 11:58:58 +00:00
// is in use (client-side encryption does not have access to
2012-12-11 13:22:46 +00:00
// the necessary keys)
2013-05-27 18:44:38 +00:00
if ( Crypt :: mode () === 'server' ) {
2013-04-29 21:37:08 +00:00
2013-05-27 18:44:38 +00:00
if ( $params [ 'uid' ] === \OCP\User :: getUser ()) {
2013-04-29 21:37:08 +00:00
2013-05-16 12:53:04 +00:00
$view = new \OC_FilesystemView ( '/' );
2013-05-28 15:04:35 +00:00
$session = new \OCA\Encryption\Session ( $view );
2013-05-16 12:53:04 +00:00
// Get existing decrypted private key
$privateKey = $session -> getPrivateKey ();
// Encrypt private key with new user pwd as passphrase
$encryptedPrivateKey = Crypt :: symmetricEncryptFileContent ( $privateKey , $params [ 'password' ]);
// Save private key
Keymanager :: setPrivateKey ( $encryptedPrivateKey );
// NOTE: Session does not need to be updated as the
// private key has not changed, only the passphrase
// used to decrypt it has changed
2013-05-27 15:26:58 +00:00
2013-05-16 12:53:04 +00:00
} else { // admin changed the password for a different user, create new keys and reencrypt file keys
2013-05-27 15:26:58 +00:00
2013-05-16 12:53:04 +00:00
$user = $params [ 'uid' ];
$recoveryPassword = $params [ 'recoveryPassword' ];
$newUserPassword = $params [ 'password' ];
$view = new \OC_FilesystemView ( '/' );
// make sure that the users home is mounted
\OC\Files\Filesystem :: initMountPoints ( $user );
$keypair = Crypt :: createKeypair ();
2013-05-27 15:26:58 +00:00
2013-05-16 12:53:04 +00:00
// Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy :: $enabled ;
\OC_FileProxy :: $enabled = false ;
// Save public key
2013-05-27 15:26:58 +00:00
$view -> file_put_contents ( '/public-keys/' . $user . '.public.key' , $keypair [ 'publicKey' ]);
2013-05-16 12:53:04 +00:00
2013-05-23 21:56:31 +00:00
// Encrypt private key empty passphrase
2013-05-27 15:26:58 +00:00
$encryptedPrivateKey = Crypt :: symmetricEncryptFileContent ( $keypair [ 'privateKey' ], $newUserPassword );
2013-05-16 12:53:04 +00:00
// Save private key
2013-05-27 15:26:58 +00:00
$view -> file_put_contents (
'/' . $user . '/files_encryption/' . $user . '.private.key' , $encryptedPrivateKey );
2013-05-16 12:53:04 +00:00
2013-05-27 15:26:58 +00:00
if ( $recoveryPassword ) { // if recovery key is set we can re-encrypt the key files
2013-05-16 12:53:04 +00:00
$util = new Util ( $view , $user );
$util -> recoverUsersFiles ( $recoveryPassword );
}
\OC_FileProxy :: $enabled = $proxyStatus ;
}
2012-12-11 13:22:46 +00:00
}
}
2013-05-13 12:28:45 +00:00
/*
* @ brief check if files can be encrypted to every user .
*/
2013-05-20 19:46:28 +00:00
/**
* @ param $params
*/
2013-05-13 12:28:45 +00:00
public static function preShared ( $params ) {
$users = array ();
$view = new \OC\Files\View ( '/public-keys/' );
switch ( $params [ 'shareType' ]) {
case \OCP\Share :: SHARE_TYPE_USER :
$users [] = $params [ 'shareWith' ];
break ;
case \OCP\Share :: SHARE_TYPE_GROUP :
$users = \OC_Group :: usersInGroup ( $params [ 'shareWith' ]);
break ;
}
2013-05-20 21:44:10 +00:00
$error = false ;
2013-05-13 12:28:45 +00:00
foreach ( $users as $user ) {
if ( ! $view -> file_exists ( $user . '.public.key' )) {
2013-05-20 21:44:10 +00:00
$error = true ;
break ;
2013-05-13 12:28:45 +00:00
}
}
2013-05-20 21:44:10 +00:00
2013-05-27 15:26:58 +00:00
if ( $error ) // Set flag var 'run' to notify emitting
2013-05-20 21:44:10 +00:00
// script that hook execution failed
2013-05-27 15:26:58 +00:00
{
2013-05-20 21:44:10 +00:00
$params [ 'run' ] -> run = false ;
2013-05-27 15:26:58 +00:00
}
// TODO: Make sure files_sharing provides user
// feedback on failed share
2013-05-13 12:28:45 +00:00
}
2013-02-12 11:45:54 +00:00
/**
2013-05-27 15:26:58 +00:00
* @ brief
2013-01-14 19:07:28 +00:00
*/
2013-05-13 12:28:45 +00:00
public static function postShared ( $params ) {
2013-04-22 09:58:39 +00:00
2013-02-26 18:33:31 +00:00
// NOTE: $params has keys:
// [itemType] => file
2013-02-09 18:39:32 +00:00
// itemSource -> int, filecache file ID
2013-02-26 18:33:31 +00:00
// [parent] =>
// [itemTarget] => /13
2013-02-09 18:39:32 +00:00
// shareWith -> string, uid of user being shared to
// fileTarget -> path of file being shared
// uidOwner -> owner of the original file being shared
2013-02-26 18:33:31 +00:00
// [shareType] => 0
// [shareWith] => test1
// [uidOwner] => admin
// [permissions] => 17
// [fileSource] => 13
// [fileTarget] => /test8
// [id] => 10
2013-04-22 09:58:39 +00:00
// [token] =>
2013-05-08 14:22:08 +00:00
// [run] => whether emitting script should continue to run
2013-02-26 18:33:31 +00:00
// TODO: Should other kinds of item be encrypted too?
2013-04-22 09:58:39 +00:00
2013-05-13 12:28:45 +00:00
if ( $params [ 'itemType' ] === 'file' || $params [ 'itemType' ] === 'folder' ) {
$view = new \OC_FilesystemView ( '/' );
2013-05-28 15:04:35 +00:00
$session = new \OCA\Encryption\Session ( $view );
2013-02-26 18:33:31 +00:00
$userId = \OCP\User :: getUser ();
2013-04-22 09:58:39 +00:00
$util = new Util ( $view , $userId );
2013-05-13 12:28:45 +00:00
$path = $util -> fileIdToPath ( $params [ 'itemSource' ]);
2013-05-07 15:16:16 +00:00
2013-05-15 22:34:45 +00:00
$share = $util -> getParentFromShare ( $params [ 'id' ]);
2013-05-07 15:16:16 +00:00
//if parent is set, then this is a re-share action
2013-05-27 18:44:38 +00:00
if ( $share [ 'parent' ] !== null ) {
2013-05-07 15:16:16 +00:00
// get the parent from current share
2013-05-13 12:28:45 +00:00
$parent = $util -> getShareParent ( $params [ 'parent' ]);
2013-05-07 15:16:16 +00:00
// if parent is file the it is an 1:1 share
2013-05-13 12:28:45 +00:00
if ( $parent [ 'item_type' ] === 'file' ) {
2013-05-07 15:16:16 +00:00
2013-05-13 12:28:45 +00:00
// prefix path with Shared
$path = '/Shared' . $parent [ 'file_target' ];
2013-05-07 15:16:16 +00:00
} else {
2013-05-13 12:28:45 +00:00
2013-05-07 15:16:16 +00:00
// NOTE: parent is folder but shared was a file!
// we try to rebuild the missing path
// some examples we face here
// user1 share folder1 with user2 folder1 has
// the following structure
// /folder1/subfolder1/subsubfolder1/somefile.txt
// user2 re-share subfolder2 with user3
// user3 re-share somefile.txt user4
// so our path should be
// /Shared/subfolder1/subsubfolder1/somefile.txt
// while user3 is sharing
2013-05-13 12:28:45 +00:00
if ( $params [ 'itemType' ] === 'file' ) {
2013-05-07 15:16:16 +00:00
// get target path
2013-05-13 12:28:45 +00:00
$targetPath = $util -> fileIdToPath ( $params [ 'fileSource' ]);
$targetPathSplit = array_reverse ( explode ( '/' , $targetPath ));
2013-05-07 15:16:16 +00:00
// init values
$path = '' ;
2013-05-13 12:28:45 +00:00
$sharedPart = ltrim ( $parent [ 'file_target' ], '/' );
2013-05-07 15:16:16 +00:00
// rebuild path
2013-05-13 12:28:45 +00:00
foreach ( $targetPathSplit as $pathPart ) {
if ( $pathPart !== $sharedPart ) {
2013-05-07 15:16:16 +00:00
$path = '/' . $pathPart . $path ;
} else {
break ;
}
}
// prefix path with Shared
2013-05-13 12:28:45 +00:00
$path = '/Shared' . $parent [ 'file_target' ] . $path ;
2013-05-07 15:16:16 +00:00
} else {
// prefix path with Shared
2013-05-13 12:28:45 +00:00
$path = '/Shared' . $parent [ 'file_target' ] . $params [ 'fileTarget' ];
2013-05-07 15:16:16 +00:00
}
}
}
$sharingEnabled = \OCP\Share :: isEnabled ();
2013-04-22 09:58:39 +00:00
2013-05-29 23:38:11 +00:00
// get the path including mount point only if not a shared folder
2013-06-03 16:42:13 +00:00
if ( strncmp ( $path , '/Shared' , strlen ( '/Shared' ) !== 0 )) {
2013-05-29 23:38:11 +00:00
// get path including the the storage mount point
$path = $util -> getPathWithMountPoint ( $params [ 'itemSource' ]);
}
2013-05-18 19:12:53 +00:00
// if a folder was shared, get a list of all (sub-)folders
2013-05-13 12:28:45 +00:00
if ( $params [ 'itemType' ] === 'folder' ) {
$allFiles = $util -> getAllFiles ( $path );
2013-04-22 09:58:39 +00:00
} else {
2013-05-13 12:28:45 +00:00
$allFiles = array ( $path );
2013-04-22 09:58:39 +00:00
}
2013-05-13 12:28:45 +00:00
foreach ( $allFiles as $path ) {
$usersSharing = $util -> getSharingUsersArray ( $sharingEnabled , $path );
2013-05-27 15:26:58 +00:00
$util -> setSharedFileKeyfiles ( $session , $usersSharing , $path );
2013-02-26 18:33:31 +00:00
}
2013-02-20 19:18:00 +00:00
}
2013-01-14 19:07:28 +00:00
}
2013-05-27 15:26:58 +00:00
2013-01-14 19:07:28 +00:00
/**
2013-05-27 15:26:58 +00:00
* @ brief
2013-01-14 19:07:28 +00:00
*/
2013-05-27 15:26:58 +00:00
public static function postUnshare ( $params ) {
2013-05-05 21:41:42 +00:00
2013-05-07 15:16:16 +00:00
// NOTE: $params has keys:
// [itemType] => file
// [itemSource] => 13
// [shareType] => 0
// [shareWith] => test1
// [itemParent] =>
2013-05-05 21:41:42 +00:00
2013-05-27 15:26:58 +00:00
if ( $params [ 'itemType' ] === 'file' || $params [ 'itemType' ] === 'folder' ) {
2013-05-05 21:41:42 +00:00
2013-05-27 15:26:58 +00:00
$view = new \OC_FilesystemView ( '/' );
2013-05-07 15:16:16 +00:00
$userId = \OCP\User :: getUser ();
2013-05-27 15:26:58 +00:00
$util = new Util ( $view , $userId );
$path = $util -> fileIdToPath ( $params [ 'itemSource' ]);
2013-05-05 21:41:42 +00:00
2013-05-07 15:16:16 +00:00
// check if this is a re-share
2013-05-27 15:26:58 +00:00
if ( $params [ 'itemParent' ]) {
2013-04-22 10:22:07 +00:00
2013-05-07 15:16:16 +00:00
// get the parent from current share
2013-05-27 15:26:58 +00:00
$parent = $util -> getShareParent ( $params [ 'itemParent' ]);
2013-02-26 18:33:31 +00:00
2013-05-07 15:16:16 +00:00
// get target path
2013-05-27 15:26:58 +00:00
$targetPath = $util -> fileIdToPath ( $params [ 'itemSource' ]);
$targetPathSplit = array_reverse ( explode ( '/' , $targetPath ));
2013-02-26 18:33:31 +00:00
2013-05-07 15:16:16 +00:00
// init values
$path = '' ;
2013-05-27 15:26:58 +00:00
$sharedPart = ltrim ( $parent [ 'file_target' ], '/' );
2013-05-07 15:16:16 +00:00
// rebuild path
2013-05-27 15:26:58 +00:00
foreach ( $targetPathSplit as $pathPart ) {
if ( $pathPart !== $sharedPart ) {
2013-05-07 15:16:16 +00:00
$path = '/' . $pathPart . $path ;
} else {
break ;
}
}
// prefix path with Shared
$path = '/Shared' . $parent [ 'file_target' ] . $path ;
}
// for group shares get a list of the group members
2013-05-27 18:44:38 +00:00
if ( $params [ 'shareType' ] === \OCP\Share :: SHARE_TYPE_GROUP ) {
2013-05-07 15:16:16 +00:00
$userIds = \OC_Group :: usersInGroup ( $params [ 'shareWith' ]);
2013-05-13 13:45:30 +00:00
} else {
2013-05-27 18:44:38 +00:00
if ( $params [ 'shareType' ] === \OCP\Share :: SHARE_TYPE_LINK ) {
2013-05-27 15:26:58 +00:00
$userIds = array ( $util -> getPublicShareKeyId ());
} else {
$userIds = array ( $params [ 'shareWith' ]);
}
2013-05-07 15:16:16 +00:00
}
2013-05-29 23:38:11 +00:00
// get the path including mount point only if not a shared folder
2013-06-03 16:42:13 +00:00
if ( strncmp ( $path , '/Shared' , strlen ( '/Shared' ) !== 0 )) {
2013-05-29 23:38:11 +00:00
// get path including the the storage mount point
$path = $util -> getPathWithMountPoint ( $params [ 'itemSource' ]);
}
2013-05-29 17:11:39 +00:00
2013-05-29 23:38:11 +00:00
// if we unshare a folder we need a list of all (sub-)files
if ( $params [ 'itemType' ] === 'folder' ) {
2013-06-03 16:42:13 +00:00
$allFiles = $util -> getAllFiles ( $path );
2013-05-07 15:16:16 +00:00
} else {
2013-05-27 15:26:58 +00:00
$allFiles = array ( $path );
2013-05-07 15:16:16 +00:00
}
2013-05-27 15:26:58 +00:00
foreach ( $allFiles as $path ) {
2013-05-07 15:16:16 +00:00
// check if the user still has access to the file, otherwise delete share key
2013-05-27 15:26:58 +00:00
$sharingUsers = $util -> getSharingUsersArray ( true , $path );
2013-05-07 15:16:16 +00:00
// Unshare every user who no longer has access to the file
2013-05-27 15:26:58 +00:00
$delUsers = array_diff ( $userIds , $sharingUsers );
2013-05-07 15:16:16 +00:00
2013-05-20 19:24:39 +00:00
// delete share key
2013-05-27 15:26:58 +00:00
Keymanager :: delShareKey ( $view , $delUsers , $path );
2013-05-07 15:16:16 +00:00
}
}
}
2013-05-27 15:26:58 +00:00
2013-01-14 19:07:28 +00:00
/**
2013-05-27 15:26:58 +00:00
* @ brief after a file is renamed , rename its keyfile and share - keys also fix the file size and fix also the sharing
* @ param array with oldpath and newpath
*
* This function is connected to the rename signal of OC_Filesystem and adjust the name and location
* of the stored versions along the actual file
*/
public static function postRename ( $params ) {
// Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy :: $enabled ;
\OC_FileProxy :: $enabled = false ;
$view = new \OC_FilesystemView ( '/' );
2013-05-29 07:21:00 +00:00
$session = new \OCA\Encryption\Session ( $view );
2013-05-27 15:26:58 +00:00
$userId = \OCP\User :: getUser ();
$util = new Util ( $view , $userId );
// Format paths to be relative to user files dir
2013-06-25 12:42:49 +00:00
if ( $util -> isSystemWideMountPoint ( $params [ 'oldpath' ])) {
$baseDir = 'files_encryption/' ;
$oldKeyfilePath = $baseDir . 'keyfiles/' . $params [ 'oldpath' ];
} else {
$baseDir = $userId . '/' . 'files_encryption/' ;
$oldKeyfilePath = $baseDir . 'keyfiles/' . $params [ 'oldpath' ];
}
if ( $util -> isSystemWideMountPoint ( $params [ 'newpath' ])) {
$newKeyfilePath = $baseDir . 'keyfiles/' . $params [ 'newpath' ];
} else {
$newKeyfilePath = $baseDir . 'keyfiles/' . $params [ 'newpath' ];
}
2013-05-27 15:26:58 +00:00
// add key ext if this is not an folder
if ( ! $view -> is_dir ( $oldKeyfilePath )) {
$oldKeyfilePath .= '.key' ;
$newKeyfilePath .= '.key' ;
// handle share-keys
2013-06-25 12:42:49 +00:00
$localKeyPath = $view -> getLocalFile ( $baseDir . 'share-keys/' . $params [ 'oldpath' ]);
2013-07-05 12:58:33 +00:00
$escapedPath = Helper :: escapeGlobPattern ( $localKeyPath );
2013-06-25 14:50:10 +00:00
$matches = glob ( $escapedPath . '*.shareKey' );
2013-05-27 15:26:58 +00:00
foreach ( $matches as $src ) {
$dst = \OC\Files\Filesystem :: normalizePath ( str_replace ( $params [ 'oldpath' ], $params [ 'newpath' ], $src ));
// create destination folder if not exists
if ( ! file_exists ( dirname ( $dst ))) {
mkdir ( dirname ( $dst ), 0750 , true );
}
rename ( $src , $dst );
}
} else {
// handle share-keys folders
2013-06-25 12:42:49 +00:00
$oldShareKeyfilePath = $baseDir . 'share-keys/' . $params [ 'oldpath' ];
$newShareKeyfilePath = $baseDir . 'share-keys/' . $params [ 'newpath' ];
2013-05-27 15:26:58 +00:00
// create destination folder if not exists
if ( ! $view -> file_exists ( dirname ( $newShareKeyfilePath ))) {
$view -> mkdir ( dirname ( $newShareKeyfilePath ), 0750 , true );
}
$view -> rename ( $oldShareKeyfilePath , $newShareKeyfilePath );
}
// Rename keyfile so it isn't orphaned
if ( $view -> file_exists ( $oldKeyfilePath )) {
// create destination folder if not exists
if ( ! $view -> file_exists ( dirname ( $newKeyfilePath ))) {
$view -> mkdir ( dirname ( $newKeyfilePath ), 0750 , true );
}
$view -> rename ( $oldKeyfilePath , $newKeyfilePath );
}
// build the path to the file
$newPath = '/' . $userId . '/files' . $params [ 'newpath' ];
$newPathRelative = $params [ 'newpath' ];
if ( $util -> fixFileSize ( $newPath )) {
// get sharing app state
$sharingEnabled = \OCP\Share :: isEnabled ();
// get users
$usersSharing = $util -> getSharingUsersArray ( $sharingEnabled , $newPathRelative );
// update sharing-keys
$util -> setSharedFileKeyfiles ( $session , $usersSharing , $newPathRelative );
}
\OC_FileProxy :: $enabled = $proxyStatus ;
}
2013-06-27 12:09:22 +00:00
/**
* set migration status back to '0' so that all new files get encrypted
* if the app gets enabled again
* @ param array $params contains the app ID
*/
public static function preDisable ( $params ) {
if ( $params [ 'app' ] === 'files_encryption' ) {
$query = \OC_DB :: prepare ( 'UPDATE `*PREFIX*encryption` SET `migration_status`=0' );
$query -> execute ();
}
}
2012-08-14 18:06:56 +00:00
}