fix for losing private key while being logged in and accessing a public link
parent
3420d853ab
commit
6f9e425939
3 changed files with 56 additions and 17 deletions
|
@ -173,4 +173,20 @@ class Helper
|
||||||
|
|
||||||
return $return;
|
return $return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief checks if access is public/anonymous user
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public static function isPublicAccess() {
|
||||||
|
if (\OCP\USER::getUser() === false
|
||||||
|
|| (isset($_GET['service']) && $_GET['service'] == 'files'
|
||||||
|
&& isset($_GET['t']))
|
||||||
|
) {
|
||||||
|
return true;
|
||||||
|
} else {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
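Review bot: isPublicAccess() decides from raw request data which private key the session hands out. Its second branch is true for any request carrying `service=files` and a `t` parameter, regardless of login state, and it never checks that `t` refers to an existing share. Session::getPrivateKey() and the Util constructor in this commit both depend on this result, so the choice between the user's key and the share key follows whatever the query string says. Consider basing the decision on the share token that the public-link handler has already validated. At minimum, compare strictly and return the expression directly: `return \OCP\USER::getUser() === false || (isset($_GET['service'], $_GET['t']) && $_GET['service'] === 'files');`.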
|
@ -83,17 +83,14 @@ class Session
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( \OCP\USER::getUser() === false ||
|
if (\OCA\Encryption\Helper::isPublicAccess()) {
|
||||||
( isset( $_GET['service'] ) && $_GET['service'] == 'files' &&
|
|
||||||
isset( $_GET['t'] ) )
|
|
||||||
) {
|
|
||||||
// Disable encryption proxy to prevent recursive calls
|
// Disable encryption proxy to prevent recursive calls
|
||||||
$proxyStatus = \OC_FileProxy::$enabled;
|
$proxyStatus = \OC_FileProxy::$enabled;
|
||||||
\OC_FileProxy::$enabled = false;
|
\OC_FileProxy::$enabled = false;
|
||||||
|
|
||||||
$encryptedKey = $this->view->file_get_contents( '/owncloud_private_key/' . $publicShareKeyId . '.private.key' );
|
$encryptedKey = $this->view->file_get_contents( '/owncloud_private_key/' . $publicShareKeyId . '.private.key' );
|
||||||
$privateKey = Crypt::symmetricDecryptFileContent( $encryptedKey, '' );
|
$privateKey = Crypt::symmetricDecryptFileContent( $encryptedKey, '' );
|
||||||
$this->setPrivateKey( $privateKey );
|
$this->setPublicSharePrivateKey( $privateKey );
|
||||||
|
|
||||||
\OC_FileProxy::$enabled = $proxyStatus;
|
\OC_FileProxy::$enabled = $proxyStatus;
|
||||||
}
|
}
|
||||||
|
@ -103,6 +100,8 @@ class Session
|
||||||
* @brief Sets user private key to session
|
* @brief Sets user private key to session
|
||||||
* @param string $privateKey
|
* @param string $privateKey
|
||||||
* @return bool
|
* @return bool
|
||||||
|
*
|
||||||
|
* @note this should only be set on login
|
||||||
*/
|
*/
|
||||||
public function setPrivateKey( $privateKey ) {
|
public function setPrivateKey( $privateKey ) {
|
||||||
|
|
||||||
|
@ -113,27 +112,53 @@ class Session
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Gets user private key from session
|
* @brief Gets user or public share private key from session
|
||||||
* @returns string $privateKey The user's plaintext private key
|
* @returns string $privateKey The user's plaintext private key
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public function getPrivateKey() {
|
public function getPrivateKey() {
|
||||||
|
|
||||||
if (
|
// return the public share private key if this is a public access
|
||||||
isset( $_SESSION['privateKey'] )
|
if (\OCA\Encryption\Helper::isPublicAccess()) {
|
||||||
&& !empty( $_SESSION['privateKey'] )
|
return $this->getPublicSharePrivateKey();
|
||||||
) {
|
|
||||||
|
|
||||||
return $_SESSION['privateKey'];
|
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
if (isset($_SESSION['privateKey']) && !empty($_SESSION['privateKey'])) {
|
||||||
|
return $_SESSION['privateKey'];
|
||||||
|
} else {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Sets public user private key to session
|
||||||
|
* @param string $privateKey
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public function setPublicSharePrivateKey($privateKey) {
|
||||||
|
|
||||||
|
$_SESSION['publicSharePrivateKey'] = $privateKey;
|
||||||
|
|
||||||
|
return true;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Gets public share private key from session
|
||||||
|
* @returns string $privateKey
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
public function getPublicSharePrivateKey() {
|
||||||
|
|
||||||
|
if (isset($_SESSION['publicSharePrivateKey']) && !empty($_SESSION['publicSharePrivateKey'])) {
|
||||||
|
return $_SESSION['publicSharePrivateKey'];
|
||||||
|
} else {
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Sets user legacy key to session
|
* @brief Sets user legacy key to session
|
||||||
* @param $legacyKey
|
* @param $legacyKey
|
||||||
|
|
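Review bot: In the constructor branch, the value from `Crypt::symmetricDecryptFileContent( $encryptedKey, '' )` goes straight into `setPublicSharePrivateKey()` with no check that `file_get_contents()` returned key material, and the setter returns `true` unconditionally. If the share key file is missing or unreadable (the view's failure value is not visible here, presumably `false`), the problem only surfaces later as `false` from getPrivateKey(), far from its cause. Store the key only when it is usable, e.g. `if (!empty($privateKey)) { $this->setPublicSharePrivateKey( $privateKey ); }`, and log the failure otherwise. The docblocks of getPrivateKey() and getPublicSharePrivateKey() say `@returns string` although both can return `false`; `@return string|bool` would match the code. The constructor starts outside the first hunk.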
|
@ -127,9 +127,7 @@ class Util {
|
||||||
$this->recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId');
|
$this->recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId');
|
||||||
|
|
||||||
// if we are anonymous/public
|
// if we are anonymous/public
|
||||||
if ($this->userId === false
|
if (\OCA\Encryption\Helper::isPublicAccess()) {
|
||||||
|| (isset($_GET['service']) && $_GET['service'] == 'files' && isset($_GET['t']))
|
|
||||||
) {
|
|
||||||
$this->userId = $this->publicShareKeyId;
|
$this->userId = $this->publicShareKeyId;
|
||||||
|
|
||||||
// only handle for files_sharing app
|
// only handle for files_sharing app
|
||||||
|
|
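Review bot: Replacing `$this->userId === false` with `\OCA\Encryption\Helper::isPublicAccess()` changes what is tested: the old condition looked at the user id held by this Util instance, the new one at the session user from `\OCP\USER::getUser()`. If Util is ever built for a user other than the session user, or with no session at all (not visible in this hunk), `$this->userId` is now overwritten with `$this->publicShareKeyId` where it previously was not. The reverse also holds: an instance with `$this->userId === false` inside a logged-in session no longer takes this branch. Either confirm that callers always pass the session user and say so in a comment such as `// public access is decided from the session user, not from $this->userId`, or keep the instance check alongside the helper call. The enclosing method starts and ends outside the hunk.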