fix for losing private key while being logged in and accessing a public link
parent
3420d853ab
commit
6f9e425939
3 changed files with 56 additions and 17 deletions
|
@ -173,4 +173,20 @@ class Helper
|
|||
|
||||
return $return;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @brief checks if access is public/anonymous user
|
||||
* @return bool
|
||||
*/
|
||||
public static function isPublicAccess() {
|
||||
if (\OCP\USER::getUser() === false
|
||||
|| (isset($_GET['service']) && $_GET['service'] == 'files'
|
||||
&& isset($_GET['t']))
|
||||
) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
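Review bot: `isPublicAccess()` returns true for any request that carries `service=files` and a `t` parameter, whatever the value of `t` and whether or not a user is logged in, so it classifies the request from client-supplied input rather than from a validated share token. The other hunks in this commit use it to decide which private key the session hands out, so the docblock should state that it is not an authorization check and that the token is assumed to be validated elsewhere. The comparison can also be made strict and the if/else dropped: `return \OCP\USER::getUser() === false || (isset($_GET['service'], $_GET['t']) && $_GET['service'] === 'files');`.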
|
|
@ -83,17 +83,14 @@ class Session
|
|||
|
||||
}
|
||||
|
||||
if ( \OCP\USER::getUser() === false ||
|
||||
( isset( $_GET['service'] ) && $_GET['service'] == 'files' &&
|
||||
isset( $_GET['t'] ) )
|
||||
) {
|
||||
if (\OCA\Encryption\Helper::isPublicAccess()) {
|
||||
// Disable encryption proxy to prevent recursive calls
|
||||
$proxyStatus = \OC_FileProxy::$enabled;
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
||||
$encryptedKey = $this->view->file_get_contents( '/owncloud_private_key/' . $publicShareKeyId . '.private.key' );
|
||||
$privateKey = Crypt::symmetricDecryptFileContent( $encryptedKey, '' );
|
||||
$this->setPrivateKey( $privateKey );
|
||||
$this->setPublicSharePrivateKey( $privateKey );
|
||||
|
||||
\OC_FileProxy::$enabled = $proxyStatus;
|
||||
}
|
||||
|
@ -103,6 +100,8 @@ class Session
|
|||
* @brief Sets user private key to session
|
||||
* @param string $privateKey
|
||||
* @return bool
|
||||
*
|
||||
* @note this should only be set on login
|
||||
*/
|
||||
public function setPrivateKey( $privateKey ) {
|
||||
|
||||
|
@ -113,27 +112,53 @@ class Session
|
|||
}
|
||||
|
||||
/**
|
||||
* @brief Gets user private key from session
|
||||
* @brief Gets user or public share private key from session
|
||||
* @returns string $privateKey The user's plaintext private key
|
||||
*
|
||||
*/
|
||||
public function getPrivateKey() {
|
||||
|
||||
if (
|
||||
isset( $_SESSION['privateKey'] )
|
||||
&& !empty( $_SESSION['privateKey'] )
|
||||
) {
|
||||
|
||||
return $_SESSION['privateKey'];
|
||||
|
||||
// return the public share private key if this is a public access
|
||||
if (\OCA\Encryption\Helper::isPublicAccess()) {
|
||||
return $this->getPublicSharePrivateKey();
|
||||
} else {
|
||||
if (isset($_SESSION['privateKey']) && !empty($_SESSION['privateKey'])) {
|
||||
return $_SESSION['privateKey'];
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Sets public user private key to session
|
||||
* @param string $privateKey
|
||||
* @return bool
|
||||
*/
|
||||
public function setPublicSharePrivateKey($privateKey) {
|
||||
|
||||
$_SESSION['publicSharePrivateKey'] = $privateKey;
|
||||
|
||||
return true;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Gets public share private key from session
|
||||
* @returns string $privateKey
|
||||
*
|
||||
*/
|
||||
public function getPublicSharePrivateKey() {
|
||||
|
||||
if (isset($_SESSION['publicSharePrivateKey']) && !empty($_SESSION['publicSharePrivateKey'])) {
|
||||
return $_SESSION['publicSharePrivateKey'];
|
||||
} else {
|
||||
return false;
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @brief Sets user legacy key to session
|
||||
* @param $legacyKey
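Review bot: In `getPrivateKey()` the public-access branch is evaluated first, so a logged-in user whose request matches `isPublicAccess()` gets the public share key, or `false` if none was stored, and never their own `$_SESSION['privateKey']`. That appears to be the intent of the fix, but the branch deserves a comment saying so, because the choice of key depends on query parameters only. Both getters can return `false` while their docblocks use the non-standard `@returns string`; `@return string|false` documents the contract that callers have to handle. The `isset(...) && !empty(...)` pairs are redundant, since `!empty($_SESSION['publicSharePrivateKey'])` alone is equivalent.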
|
||||
|
|
|
@ -127,9 +127,7 @@ class Util {
|
|||
$this->recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId');
|
||||
|
||||
// if we are anonymous/public
|
||||
if ($this->userId === false
|
||||
|| (isset($_GET['service']) && $_GET['service'] == 'files' && isset($_GET['t']))
|
||||
) {
|
||||
if (\OCA\Encryption\Helper::isPublicAccess()) {
|
||||
$this->userId = $this->publicShareKeyId;
|
||||
|
||||
// only handle for files_sharing app
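Review bot: The replaced condition tested `$this->userId === false`, while `Helper::isPublicAccess()` asks `\OCP\USER::getUser()`, and the two agree only if `$this->userId` always holds the current session user. The assignment of `$this->userId` is outside this hunk, so that cannot be confirmed from here. If `Util` can be constructed for a user other than the session user, the behaviour changes, and a comment such as `// public access is decided from the session user, not from $this->userId` would make that explicit. The enclosing method starts and ends outside the hunk.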
|
||||
|
|