let user update private key password in case it was changed from outside, e.g. external auth back-ends
parent
b02f4dc62c
commit
b5820af3cc
4 changed files with 118 additions and 0 deletions
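--- a/apps/files_encryption/ajax/updatePrivateKeyPassword.php
+++ b/apps/files_encryption/ajax/updatePrivateKeyPassword.php
@@ -0,0 +1,54 @@
+<?php
+
+/**
+* Copyright (c) 2013, Bjoern Schiessle <schiessle@owncloud.com>
+* This file is licensed under the Affero General Public License version 3 or later.
+* See the COPYING-README file.
+*
+* @brief Script to change recovery key password
+*
+*/
+
+use OCA\Encryption;
+
+\OCP\JSON::checkLoggedIn();
+\OCP\JSON::checkAppEnabled('files_encryption');
+\OCP\JSON::callCheck();
+
+$l = OC_L10N::get('core');
+
+$return = false;
+
+$oldPassword = $_POST['oldPassword'];
+$newPassword = $_POST['newPassword'];
+
+$view = new \OC\Files\View('/');
+$session = new \OCA\Encryption\Session($view);
+$user = \OCP\User::getUser();
+
+$proxyStatus = \OC_FileProxy::$enabled;
+\OC_FileProxy::$enabled = false;
+
+$keyPath = '/' . $user . '/files_encryption/'.$user.'.private.key';
+
+$encryptedKey = $view->file_get_contents($keyPath);
+$decryptedKey = \OCA\Encryption\Crypt::decryptPrivateKey($encryptedKey, $oldPassword);
+
+if ($decryptedKey) {
+
+$encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($decryptedKey, $newPassword);
+$view->file_put_contents($keyPath, $encryptedKey);
+
+$session->getPrivateKey($decryptedKey);
+
+$return = true;
+}
+
+\OC_FileProxy::$enabled = $proxyStatus;
+
+// success or failure
+if ($return) {
+\OCP\JSON::success(array('data' => array('message' => $l->t('Private key password successfully updated.'))));
+} else {
+\OCP\JSON::error(array('data' => array('message' => $l->t('Could not update the private key password. Maybe the old password was not correct.'))));
+}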
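Review bot: `$session->getPrivateKey($decryptedKey);` in the success branch calls a getter with an argument and discards the result, so the freshly decrypted key is apparently never stored in the session; the personal settings code in this same commit reads `getPrivateKey()` with no argument, so a setter (presumably `setPrivateKey`) looks intended — confirm against the Session class. The endpoint also leaves input checks to the client: `$_POST['oldPassword']` and `$_POST['newPassword']` are read without `isset`, and an empty new password, which only the JavaScript button state prevents, would re-encrypt the private key under an empty passphrase. `$return = true` is set without looking at the results of `symmetricEncryptFileContent` and `file_put_contents`, so a failed write would be reported as success while the stored key is unchanged. The header docblock still says "recovery key password" and should describe the private key password instead.

```php
$oldPassword = isset($_POST['oldPassword']) ? (string)$_POST['oldPassword'] : '';
$newPassword = isset($_POST['newPassword']) ? (string)$_POST['newPassword'] : '';
// … unchanged: view/session/user setup, proxy disable, key read and decrypt …
if ($decryptedKey && $newPassword !== '') {
	$encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($decryptedKey, $newPassword);
	// report success only when the re-encrypted key was actually written
	if ($encryptedKey && $view->file_put_contents($keyPath, $encryptedKey) !== false) {
		$session->setPrivateKey($decryptedKey);
		$return = true;
	}
}
// … unchanged: proxy restore and JSON response …
```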
|
@ -57,4 +57,34 @@ $(document).ready(function(){
|
|||
}
|
||||
|
||||
);
|
||||
|
||||
// update private key password
|
||||
|
||||
$('input:password[name="changePrivateKeyPassword"]').keyup(function(event) {
|
||||
var oldPrivateKeyPassword = $('input:password[id="oldPrivateKeyPassword"]').val();
|
||||
var newPrivateKeyPassword = $('input:password[id="newPrivateKeyPassword"]').val();
|
||||
if (newPrivateKeyPassword != '' && oldPrivateKeyPassword != '' ) {
|
||||
$('button:button[name="submitChangePrivateKeyPassword"]').removeAttr("disabled");
|
||||
} else {
|
||||
$('button:button[name="submitChangePrivateKeyPassword"]').attr("disabled", "true");
|
||||
}
|
||||
});
|
||||
|
||||
$('button:button[name="submitChangePrivateKeyPassword"]').click(function() {
|
||||
var oldPrivateKeyPassword = $('input:password[id="oldPrivateKeyPassword"]').val();
|
||||
var newPrivateKeyPassword = $('input:password[id="newPrivateKeyPassword"]').val();
|
||||
OC.msg.startSaving('#encryption .msg');
|
||||
$.post(
|
||||
OC.filePath( 'files_encryption', 'ajax', 'updatePrivateKeyPassword.php' )
|
||||
, { oldPassword: oldPrivateKeyPassword, newPassword: newPrivateKeyPassword }
|
||||
, function( data ) {
|
||||
if (data.status == "error") {
|
||||
OC.msg.finishedSaving('#encryption .msg', data);
|
||||
} else {
|
||||
OC.msg.finishedSaving('#encryption .msg', data);
|
||||
}
|
||||
}
|
||||
);
|
||||
});
|
||||
|
||||
});
|
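Review bot: Both branches of `if (data.status == "error")` in the `$.post` callback make the identical call `OC.msg.finishedSaving('#encryption .msg', data);`, so the condition can be dropped and the callback reduced to that single line. Nothing in the success path clears the two password inputs, so the typed passwords stay in the page after the update; `$('input:password[name="changePrivateKeyPassword"]').val('');` on success would avoid that. The button state is driven by `keyup` only, so values entered by paste or autofill may leave it disabled; binding `change` as well would cover those cases. The enclosing `$(document).ready` handler starts outside the hunk.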
|
@ -14,6 +14,9 @@ $tmpl = new OCP\Template('files_encryption', 'settings-personal');
|
|||
$user = \OCP\USER::getUser();
|
||||
$view = new \OC_FilesystemView('/');
|
||||
$util = new \OCA\Encryption\Util($view, $user);
|
||||
$session = new \OCA\Encryption\Session($view);
|
||||
|
||||
$privateKeySet = ($session->getPrivateKey() !== false) ? true : false;
|
||||
|
||||
$recoveryAdminEnabled = OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled');
|
||||
$recoveryEnabledForUser = $util->recoveryEnabledForUser();
|
||||
|
@ -23,6 +26,7 @@ $recoveryEnabledForUser = $util->recoveryEnabledForUser();
|
|||
|
||||
$tmpl->assign('recoveryEnabled', $recoveryAdminEnabled);
|
||||
$tmpl->assign('recoveryEnabledForUser', $recoveryEnabledForUser);
|
||||
$tmpl->assign("privateKeySet" , $privateKeySet);
|
||||
|
||||
return $tmpl->fetchPage();
|
||||
|
||||
|
|
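Review bot: `($session->getPrivateKey() !== false) ? true : false` in the first hunk wraps an expression that is already boolean; `$privateKeySet = $session->getPrivateKey() !== false;` says the same thing. The strict comparison is only right if `getPrivateKey()` returns exactly `false` when no key is available, which is not visible here; if it can return `null` or an empty string, the template would hide the update form while the key is still unusable. A short comment such as `// false means the private key could not be decrypted with the log-in password` above the assignment would record that contract.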
|
@ -3,6 +3,35 @@
|
|||
<legend>
|
||||
<?php p( $l->t( 'Encryption' ) ); ?>
|
||||
</legend>
|
||||
|
||||
<?php if ( ! $_["privateKeySet"] ): ?>
|
||||
<p>
|
||||
<label for="changePrivateKeyPasswd"><?php p( $l->t( "Your private key password no longer match your log-in password:" ) ); ?></label>
|
||||
<br />
|
||||
<em><?php p( $l->t( "Set your old private key password to your current log-in password." ) ); ?></em>
|
||||
<br />
|
||||
<input
|
||||
type="password"
|
||||
name="changePrivateKeyPassword"
|
||||
id="oldPrivateKeyPassword" />
|
||||
<label for="oldPrivateKeyPassword"><?php p($l->t( "Old log-in password" )); ?></label>
|
||||
<br />
|
||||
<input
|
||||
type="password"
|
||||
name="changePrivateKeyPassword"
|
||||
id="newPrivateKeyPassword" />
|
||||
<label for="newRecoveryPassword"><?php p($l->t( "Current log-in password" )); ?></label>
|
||||
<br />
|
||||
<button
|
||||
type="button"
|
||||
name="submitChangePrivateKeyPassword"
|
||||
disabled><?php p($l->t( "Update Private Key Password" )); ?>
|
||||
</button>
|
||||
<span class="msg"></span>
|
||||
</p>
|
||||
<?php endif; ?>
|
||||
|
||||
<br />
|
||||
|
||||
<?php if ( $_["recoveryEnabled"] ): ?>
|
||||
<p>
|
||||
|
@ -28,6 +57,7 @@
|
|||
<div id="recoveryEnabledError"><?php p( $l->t( 'Could not update file recovery' ) ); ?></div>
|
||||
</p>
|
||||
<?php endif; ?>
|
||||
|
||||
<br />
|
||||
</fieldset>
|
||||
</form>
|
||||
|
|
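Review bot: The `for` attributes of the new labels in the first hunk do not point at the inputs they describe: `for="changePrivateKeyPasswd"` matches no id in the hunk, and the label following `id="newPrivateKeyPassword"` uses `for="newRecoveryPassword"`. They should read `<label for="oldPrivateKeyPassword">` and `<label for="newPrivateKeyPassword">`, otherwise clicking the label does not focus the field and assistive technology cannot associate them. The introductory label describes the whole form rather than one field, so it would be better as plain text, and its string should read "no longer matches". The surrounding `<form>` and `<fieldset>` open outside the hunk.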