make encryption configurable for home storage

This commit is contained in:
Bjoern Schiessle 2015-10-13 17:54:06 +02:00 committed by Björn Schießle
parent d7d5a3bab5
commit 5fad45b230
11 changed files with 247 additions and 61 deletions

View file

@ -201,7 +201,8 @@ class Application extends \OCP\AppFramework\App {
$c->query('KeyManager'), $c->query('KeyManager'),
$c->query('Crypt'), $c->query('Crypt'),
$c->query('Session'), $c->query('Session'),
$server->getSession() $server->getSession(),
$c->query('Util')
); );
}); });

View file

@ -35,6 +35,11 @@ namespace OCA\Encryption\AppInfo;
'url' => '/ajax/updatePrivateKeyPassword', 'url' => '/ajax/updatePrivateKeyPassword',
'verb' => 'POST' 'verb' => 'POST'
], ],
[
'name' => 'Settings#setEncryptHomeStorage',
'url' => '/ajax/setEncryptHomeStorage',
'verb' => 'POST'
],
[ [
'name' => 'Recovery#changeRecoveryPassword', 'name' => 'Recovery#changeRecoveryPassword',
'url' => '/ajax/changeRecoveryPassword', 'url' => '/ajax/changeRecoveryPassword',

View file

@ -25,6 +25,7 @@ namespace OCA\Encryption\Controller;
use OCA\Encryption\Crypto\Crypt; use OCA\Encryption\Crypto\Crypt;
use OCA\Encryption\KeyManager; use OCA\Encryption\KeyManager;
use OCA\Encryption\Session; use OCA\Encryption\Session;
use OCA\Encryption\Util;
use OCP\AppFramework\Controller; use OCP\AppFramework\Controller;
use OCP\AppFramework\Http; use OCP\AppFramework\Http;
use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\Http\DataResponse;
@ -57,6 +58,9 @@ class SettingsController extends Controller {
/** @var ISession */ /** @var ISession */
private $ocSession; private $ocSession;
/** @var Util */
private $util;
/** /**
* @param string $AppName * @param string $AppName
* @param IRequest $request * @param IRequest $request
@ -67,6 +71,7 @@ class SettingsController extends Controller {
* @param Crypt $crypt * @param Crypt $crypt
* @param Session $session * @param Session $session
* @param ISession $ocSession * @param ISession $ocSession
* @param Util $util
*/ */
public function __construct($AppName, public function __construct($AppName,
IRequest $request, IRequest $request,
@ -76,7 +81,9 @@ class SettingsController extends Controller {
KeyManager $keyManager, KeyManager $keyManager,
Crypt $crypt, Crypt $crypt,
Session $session, Session $session,
ISession $ocSession) { ISession $ocSession,
Util $util
) {
parent::__construct($AppName, $request); parent::__construct($AppName, $request);
$this->l = $l10n; $this->l = $l10n;
$this->userSession = $userSession; $this->userSession = $userSession;
@ -85,6 +92,7 @@ class SettingsController extends Controller {
$this->crypt = $crypt; $this->crypt = $crypt;
$this->session = $session; $this->session = $session;
$this->ocSession = $ocSession; $this->ocSession = $ocSession;
$this->util = $util;
} }
@ -143,4 +151,15 @@ class SettingsController extends Controller {
} }
} }
/**
* @UseSession
*
* @param bool $encryptHomeStorage
* @return DataResponse
*/
public function setEncryptHomeStorage($encryptHomeStorage) {
$this->util->setEncryptHomeStorage($encryptHomeStorage);
return new DataResponse();
}
} }

View file

@ -76,4 +76,13 @@ $(document).ready(function () {
}); });
}); });
$('#encryptHomeStorage').change(function() {
$.post(
OC.generateUrl('/apps/encryption/ajax/setEncryptHomeStorage'),
{
encryptHomeStorage: this.checked
}
);
});
}); });

View file

@ -378,6 +378,12 @@ class Encryption implements IEncryptionModule {
* @return boolean * @return boolean
*/ */
public function shouldEncrypt($path) { public function shouldEncrypt($path) {
if ($this->util->shouldEncryptHomeStorage() === false) {
$storage = $this->util->getStorage($path);
if ($storage->instanceOfStorage('\OCP\Files\IHomeStorage')) {
return false;
}
}
$parts = explode('/', $path); $parts = explode('/', $path);
if (count($parts) < 4) { if (count($parts) < 4) {
return false; return false;

View file

@ -94,11 +94,40 @@ class Util {
$recoveryMode = $this->config->getUserValue($uid, $recoveryMode = $this->config->getUserValue($uid,
'encryption', 'encryption',
'recoveryEnabled', 'recoveryEnabled',
0); '0');
return ($recoveryMode === '1'); return ($recoveryMode === '1');
} }
/**
* check if the home storage should be encrypted
*
* @return bool
*/
public function shouldEncryptHomeStorage() {
$encryptHomeStorage = $this->config->getAppValue(
'encryption',
'encryptHomeStorage',
'1'
);
return ($encryptHomeStorage === '1');
}
/**
* check if the home storage should be encrypted
*
* @param bool $encryptHomeStorage
*/
public function setEncryptHomeStorage($encryptHomeStorage) {
$value = $encryptHomeStorage ? '1' : '0';
$this->config->setAppValue(
'encryption',
'encryptHomeStorage',
$value
);
}
/** /**
* check if master key is enabled * check if master key is enabled
* *
@ -157,4 +186,15 @@ class Util {
return $owner; return $owner;
} }
/**
* get storage of path
*
* @param string $path
* @return \OC\Files\Storage\Storage
*/
public function getStorage($path) {
$storage = $this->files->getMount($path)->getStorage();
return $storage;
}
} }

View file

@ -25,12 +25,27 @@
$tmpl = new OCP\Template('encryption', 'settings-admin'); $tmpl = new OCP\Template('encryption', 'settings-admin');
$crypt = new \OCA\Encryption\Crypto\Crypt(
\OC::$server->getLogger(),
\OC::$server->getUserSession(),
\OC::$server->getConfig());
$util = new \OCA\Encryption\Util(
new \OC\Files\View(),
$crypt,
\OC::$server->getLogger(),
\OC::$server->getUserSession(),
\OC::$server->getConfig(),
\OC::$server->getUserManager());
// Check if an adminRecovery account is enabled for recovering files after lost pwd // Check if an adminRecovery account is enabled for recovering files after lost pwd
$recoveryAdminEnabled = \OC::$server->getConfig()->getAppValue('encryption', 'recoveryAdminEnabled', '0'); $recoveryAdminEnabled = \OC::$server->getConfig()->getAppValue('encryption', 'recoveryAdminEnabled', '0');
$session = new \OCA\Encryption\Session(\OC::$server->getSession()); $session = new \OCA\Encryption\Session(\OC::$server->getSession());
$encryptHomeStorage = $util->shouldEncryptHomeStorage($user);
$tmpl->assign('recoveryEnabled', $recoveryAdminEnabled); $tmpl->assign('recoveryEnabled', $recoveryAdminEnabled);
$tmpl->assign('initStatus', $session->getStatus()); $tmpl->assign('initStatus', $session->getStatus());
$tmpl->assign('encryptHomeStorage', $encryptHomeStorage);
return $tmpl->fetchPage(); return $tmpl->fetchPage();

View file

@ -9,6 +9,13 @@ style('encryption', 'settings-admin');
<?php if(!$_["initStatus"]): ?> <?php if(!$_["initStatus"]): ?>
<?php p($l->t("Encryption App is enabled but your keys are not initialized, please log-out and log-in again")); ?> <?php p($l->t("Encryption App is enabled but your keys are not initialized, please log-out and log-in again")); ?>
<?php else: ?> <?php else: ?>
<p id="encryptHomeStorageSetting">
<input type="checkbox" class="checkbox" name="encrypt_home_storage" id="encryptHomeStorage"
value="1" <?php if ($_['encryptHomeStorage']) print_unescaped('checked="checked"'); ?> />
<label for="encryptHomeStorage"><?php p($l->t('Encrypt the home storage'));?></label></br>
<em><?php p( $l->t( "Enabling this option encrypts all files stored on the main storage, otherwise only files on external storage will be encrypted" ) ); ?></em>
</p>
<br />
<p id="encryptionSetRecoveryKey"> <p id="encryptionSetRecoveryKey">
<?php $_["recoveryEnabled"] === '0' ? p($l->t("Enable recovery key")) : p($l->t("Disable recovery key")); ?> <?php $_["recoveryEnabled"] === '0' ? p($l->t("Enable recovery key")) : p($l->t("Disable recovery key")); ?>
<span class="msg"></span> <span class="msg"></span>

View file

@ -56,6 +56,9 @@ class SettingsControllerTest extends TestCase {
/** @var \PHPUnit_Framework_MockObject_MockObject */ /** @var \PHPUnit_Framework_MockObject_MockObject */
private $ocSessionMock; private $ocSessionMock;
/** @var \PHPUnit_Framework_MockObject_MockObject */
private $utilMock;
protected function setUp() { protected function setUp() {
parent::setUp(); parent::setUp();
@ -106,6 +109,10 @@ class SettingsControllerTest extends TestCase {
$this->sessionMock = $this->getMockBuilder('OCA\Encryption\Session') $this->sessionMock = $this->getMockBuilder('OCA\Encryption\Session')
->disableOriginalConstructor()->getMock(); ->disableOriginalConstructor()->getMock();
$this->utilMock = $this->getMockBuilder('OCA\Encryption\Util')
->disableOriginalConstructor()
->getMock();
$this->controller = new SettingsController( $this->controller = new SettingsController(
'encryption', 'encryption',
$this->requestMock, $this->requestMock,
@ -115,7 +122,8 @@ class SettingsControllerTest extends TestCase {
$this->keyManagerMock, $this->keyManagerMock,
$this->cryptMock, $this->cryptMock,
$this->sessionMock, $this->sessionMock,
$this->ocSessionMock $this->ocSessionMock,
$this->utilMock
); );
} }
@ -234,4 +242,10 @@ class SettingsControllerTest extends TestCase {
$data['message']); $data['message']);
} }
function testSetEncryptHomeStorage() {
$value = true;
$this->utilMock->expects($this->once())->method('setEncryptHomeStorage')->with($value);
$this->controller->setEncryptHomeStorage($value);
}
} }

View file

@ -39,6 +39,9 @@ class UtilTest extends TestCase {
/** @var \PHPUnit_Framework_MockObject_MockObject */ /** @var \PHPUnit_Framework_MockObject_MockObject */
private $userManagerMock; private $userManagerMock;
/** @var \PHPUnit_Framework_MockObject_MockObject */
private $mountMock;
/** @var Util */ /** @var Util */
private $instance; private $instance;
@ -65,6 +68,7 @@ class UtilTest extends TestCase {
protected function setUp() { protected function setUp() {
parent::setUp(); parent::setUp();
$this->mountMock = $this->getMock('\OCP\Files\Mount\IMountPoint');
$this->filesMock = $this->getMock('OC\Files\View'); $this->filesMock = $this->getMock('OC\Files\View');
$this->userManagerMock = $this->getMock('\OCP\IUserManager'); $this->userManagerMock = $this->getMock('\OCP\IUserManager');
@ -151,4 +155,52 @@ class UtilTest extends TestCase {
]; ];
} }
/**
* @dataProvider dataTestShouldEncryptHomeStorage
* @param $returnValue return value from getAppValue()
* @param $expected
*/
public function testShouldEncryptHomeStorage($returnValue, $expected) {
$this->configMock->expects($this->once())->method('getAppValue')
->with('encryption', 'encryptHomeStorage', '1')
->willReturn($returnValue);
$this->assertSame($expected,
$this->instance->shouldEncryptHomeStorage());
}
public function dataTestShouldEncryptHomeStorage() {
return [
['1', true],
['0', false]
];
}
/**
* @dataProvider dataTestSetEncryptHomeStorage
* @param $value
* @param $expected
*/
public function testSetEncryptHomeStorage($value, $expected) {
$this->configMock->expects($this->once())->method('setAppValue')
->with('encryption', 'encryptHomeStorage', $expected);
$this->instance->setEncryptHomeStorage($value);
}
public function dataTestSetEncryptHomeStorage() {
return [
[true, '1'],
[false, '0']
];
}
public function testGetStorage() {
$path = '/foo/bar.txt';
$this->filesMock->expects($this->once())->method('getMount')->with($path)
->willReturn($this->mountMock);
$this->mountMock->expects($this->once())->method('getStorage')->willReturn(true);
$this->assertTrue($this->instance->getStorage($path));
}
} }

View file

@ -55,9 +55,14 @@ class EncryptionTest extends TestCase {
/** @var \PHPUnit_Framework_MockObject_MockObject */ /** @var \PHPUnit_Framework_MockObject_MockObject */
private $l10nMock; private $l10nMock;
/** @var \PHPUnit_Framework_MockObject_MockObject */
private $storageMock;
public function setUp() { public function setUp() {
parent::setUp(); parent::setUp();
$this->storageMock = $this->getMockBuilder('OCP\Files\Storage')
->disableOriginalConstructor()->getMock();
$this->cryptMock = $this->getMockBuilder('OCA\Encryption\Crypto\Crypt') $this->cryptMock = $this->getMockBuilder('OCA\Encryption\Crypto\Crypt')
->disableOriginalConstructor() ->disableOriginalConstructor()
->getMock(); ->getMock();
@ -312,7 +317,17 @@ class EncryptionTest extends TestCase {
* *
* @dataProvider dataTestShouldEncrypt * @dataProvider dataTestShouldEncrypt
*/ */
public function testShouldEncrypt($path, $expected) { public function testShouldEncrypt($path, $shouldEncryptHomeStorage, $isHomeStorage, $expected) {
$this->utilMock->expects($this->once())->method('shouldEncryptHomeStorage')
->willReturn($shouldEncryptHomeStorage);
if ($shouldEncryptHomeStorage === false) {
$this->storageMock->expects($this->once())->method('instanceOfStorage')
->with('\OCP\Files\IHomeStorage')->willReturn($isHomeStorage);
$this->utilMock->expects($this->once())->method('getStorage')->with($path)
->willReturn($this->storageMock);
}
$this->assertSame($expected, $this->assertSame($expected,
$this->instance->shouldEncrypt($path) $this->instance->shouldEncrypt($path)
); );
@ -320,14 +335,17 @@ class EncryptionTest extends TestCase {
public function dataTestShouldEncrypt() { public function dataTestShouldEncrypt() {
return array( return array(
array('/user1/files/foo.txt', true), array('/user1/files/foo.txt', true, true, true),
array('/user1/files_versions/foo.txt', true), array('/user1/files_versions/foo.txt', true, true, true),
array('/user1/files_trashbin/foo.txt', true), array('/user1/files_trashbin/foo.txt', true, true, true),
array('/user1/some_folder/foo.txt', false), array('/user1/some_folder/foo.txt', true, true, false),
array('/user1/foo.txt', false), array('/user1/foo.txt', true, true, false),
array('/user1/files', false), array('/user1/files', true, true, false),
array('/user1/files_trashbin', false), array('/user1/files_trashbin', true, true, false),
array('/user1/files_versions', false), array('/user1/files_versions', true, true, false),
// test if shouldEncryptHomeStorage is set to false
array('/user1/files/foo.txt', false, true, false),
array('/user1/files_versions/foo.txt', false, false, true),
); );
} }