let user update private key password in case it was changed from outside, e.g. external auth back-ends

This commit is contained in:
Björn Schießle 2013-06-03 15:27:31 +02:00
parent b02f4dc62c
commit b5820af3cc
4 changed files with 118 additions and 0 deletions

View file

@ -0,0 +1,54 @@
<?php
/**
* Copyright (c) 2013, Bjoern Schiessle <schiessle@owncloud.com>
* This file is licensed under the Affero General Public License version 3 or later.
* See the COPYING-README file.
*
* @brief Script to change recovery key password
*
*/
use OCA\Encryption;
\OCP\JSON::checkLoggedIn();
\OCP\JSON::checkAppEnabled('files_encryption');
\OCP\JSON::callCheck();
$l = OC_L10N::get('core');
$return = false;
$oldPassword = $_POST['oldPassword'];
$newPassword = $_POST['newPassword'];
$view = new \OC\Files\View('/');
$session = new \OCA\Encryption\Session($view);
$user = \OCP\User::getUser();
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
$keyPath = '/' . $user . '/files_encryption/'.$user.'.private.key';
$encryptedKey = $view->file_get_contents($keyPath);
$decryptedKey = \OCA\Encryption\Crypt::decryptPrivateKey($encryptedKey, $oldPassword);
if ($decryptedKey) {
$encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($decryptedKey, $newPassword);
$view->file_put_contents($keyPath, $encryptedKey);
$session->getPrivateKey($decryptedKey);
$return = true;
}
\OC_FileProxy::$enabled = $proxyStatus;
// success or failure
if ($return) {
\OCP\JSON::success(array('data' => array('message' => $l->t('Private key password successfully updated.'))));
} else {
\OCP\JSON::error(array('data' => array('message' => $l->t('Could not update the private key password. Maybe the old password was not correct.'))));
}

View file

@ -57,4 +57,34 @@ $(document).ready(function(){
}
);
// update private key password
$('input:password[name="changePrivateKeyPassword"]').keyup(function(event) {
var oldPrivateKeyPassword = $('input:password[id="oldPrivateKeyPassword"]').val();
var newPrivateKeyPassword = $('input:password[id="newPrivateKeyPassword"]').val();
if (newPrivateKeyPassword != '' && oldPrivateKeyPassword != '' ) {
$('button:button[name="submitChangePrivateKeyPassword"]').removeAttr("disabled");
} else {
$('button:button[name="submitChangePrivateKeyPassword"]').attr("disabled", "true");
}
});
$('button:button[name="submitChangePrivateKeyPassword"]').click(function() {
var oldPrivateKeyPassword = $('input:password[id="oldPrivateKeyPassword"]').val();
var newPrivateKeyPassword = $('input:password[id="newPrivateKeyPassword"]').val();
OC.msg.startSaving('#encryption .msg');
$.post(
OC.filePath( 'files_encryption', 'ajax', 'updatePrivateKeyPassword.php' )
, { oldPassword: oldPrivateKeyPassword, newPassword: newPrivateKeyPassword }
, function( data ) {
if (data.status == "error") {
OC.msg.finishedSaving('#encryption .msg', data);
} else {
OC.msg.finishedSaving('#encryption .msg', data);
}
}
);
});
});

View file

@ -14,6 +14,9 @@ $tmpl = new OCP\Template('files_encryption', 'settings-personal');
$user = \OCP\USER::getUser();
$view = new \OC_FilesystemView('/');
$util = new \OCA\Encryption\Util($view, $user);
$session = new \OCA\Encryption\Session($view);
$privateKeySet = ($session->getPrivateKey() !== false) ? true : false;
$recoveryAdminEnabled = OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled');
$recoveryEnabledForUser = $util->recoveryEnabledForUser();
@ -23,6 +26,7 @@ $recoveryEnabledForUser = $util->recoveryEnabledForUser();
$tmpl->assign('recoveryEnabled', $recoveryAdminEnabled);
$tmpl->assign('recoveryEnabledForUser', $recoveryEnabledForUser);
$tmpl->assign("privateKeySet" , $privateKeySet);
return $tmpl->fetchPage();

View file

@ -3,6 +3,35 @@
<legend>
<?php p( $l->t( 'Encryption' ) ); ?>
</legend>
<?php if ( ! $_["privateKeySet"] ): ?>
<p>
<label for="changePrivateKeyPasswd"><?php p( $l->t( "Your private key password no longer match your log-in password:" ) ); ?></label>
<br />
<em><?php p( $l->t( "Set your old private key password to your current log-in password." ) ); ?></em>
<br />
<input
type="password"
name="changePrivateKeyPassword"
id="oldPrivateKeyPassword" />
<label for="oldPrivateKeyPassword"><?php p($l->t( "Old log-in password" )); ?></label>
<br />
<input
type="password"
name="changePrivateKeyPassword"
id="newPrivateKeyPassword" />
<label for="newRecoveryPassword"><?php p($l->t( "Current log-in password" )); ?></label>
<br />
<button
type="button"
name="submitChangePrivateKeyPassword"
disabled><?php p($l->t( "Update Private Key Password" )); ?>
</button>
<span class="msg"></span>
</p>
<?php endif; ?>
<br />
<?php if ( $_["recoveryEnabled"] ): ?>
<p>
@ -28,6 +57,7 @@
<div id="recoveryEnabledError"><?php p( $l->t( 'Could not update file recovery' ) ); ?></div>
</p>
<?php endif; ?>
<br />
</fieldset>
</form>