use oc_preferences instead of oc_encryption to store encyption settings

This commit is contained in:
Bjoern Schiessle 2014-05-06 19:20:49 +02:00 committed by Thomas Müller
parent 2d83424a29
commit eb29b2984c
9 changed files with 70 additions and 185 deletions

View file

@ -1,39 +0,0 @@
<?xml version="1.0" encoding="ISO-8859-1" ?>
<database>
<name>*dbname*</name>
<create>true</create>
<overwrite>false</overwrite>
<charset>utf8</charset>
<table>
<name>*dbprefix*encryption</name>
<declaration>
<field>
<name>uid</name>
<type>text</type>
<notnull>true</notnull>
<length>64</length>
</field>
<field>
<name>mode</name>
<type>text</type>
<notnull>true</notnull>
<length>64</length>
<comments>What client-side / server-side configuration is used</comments>
</field>
<field>
<name>recovery_enabled</name>
<type>integer</type>
<notnull>true</notnull>
<default>0</default>
<comments>Whether encryption key recovery is enabled</comments>
</field>
<field>
<name>migration_status</name>
<type>integer</type>
<notnull>true</notnull>
<default>0</default>
<comments>Whether encryption migration has been performed</comments>
</field>
</declaration>
</table>
</database>

View file

@ -0,0 +1,19 @@
<?php
$installedVersion=OCP\Config::getAppValue('files_encryption', 'installed_version');
// migrate settings from oc_encryption to oc_preferences
if (version_compare($installedVersion, '0.6', '<')) {
$sql = 'SELECT * FROM `*PREFIX*encryption`';
$query = \OCP\DB::prepare($sql);
$result = $query->execute(array())->fetchAll();
foreach ($result as $row) {
\OC_Preferences::setValue($row['uid'], 'files_encryption', 'recovery_enabled', $row['recovery_enabled']);
\OC_Preferences::setValue($row['uid'], 'files_encryption', 'migration_status', $row['migration_status']);
}
$deleteOldTable = 'DROP TABLE `*PREFIX*encryption`';
$query = \OCP\DB::prepare($deleteOldTable);
$query->execute(array());
}

View file

@ -1 +1 @@
0.5 0.6

View file

@ -530,8 +530,7 @@ class Hooks {
public static function preDisable($params) { public static function preDisable($params) {
if ($params['app'] === 'files_encryption') { if ($params['app'] === 'files_encryption') {
$setMigrationStatus = \OC_DB::prepare('UPDATE `*PREFIX*encryption` SET `migration_status`=0'); \OC_Preferences::deleteAppFromAllUsers('files_encryption');
$setMigrationStatus->execute();
$session = new \OCA\Encryption\Session(new \OC\Files\View('/')); $session = new \OCA\Encryption\Session(new \OC\Files\View('/'));
$session->setInitialized(\OCA\Encryption\Session::NOT_INITIALIZED); $session->setInitialized(\OCA\Encryption\Session::NOT_INITIALIZED);

View file

@ -43,6 +43,7 @@ class Crypt {
* return encryption mode client or server side encryption * return encryption mode client or server side encryption
* @param string $user name (use system wide setting if name=null) * @param string $user name (use system wide setting if name=null)
* @return string 'client' or 'server' * @return string 'client' or 'server'
* @note at the moment we only support server side encryption
*/ */
public static function mode($user = null) { public static function mode($user = null) {

View file

@ -194,22 +194,6 @@ class Util {
} }
} }
// If there's no record for this user's encryption preferences
if (false === $this->recoveryEnabledForUser()) {
// create database configuration
$sql = 'INSERT INTO `*PREFIX*encryption` (`uid`,`mode`,`recovery_enabled`,`migration_status`) VALUES (?,?,?,?)';
$args = array(
$this->userId,
'server-side',
0,
self::MIGRATION_OPEN
);
$query = \OCP\DB::prepare($sql);
$query->execute($args);
}
return true; return true;
} }
@ -230,36 +214,9 @@ class Util {
*/ */
public function recoveryEnabledForUser() { public function recoveryEnabledForUser() {
$sql = 'SELECT `recovery_enabled` FROM `*PREFIX*encryption` WHERE `uid` = ?'; $recoveryMode = \OC_Preferences::getValue($this->userId, 'files_encryption', 'recovery_enabled', '0');
$args = array($this->userId); return ($recoveryMode === '1') ? true : false;
$query = \OCP\DB::prepare($sql);
$result = $query->execute($args);
$recoveryEnabled = array();
if (\OCP\DB::isError($result)) {
\OCP\Util::writeLog('Encryption library', \OC_DB::getErrorMessage($result), \OCP\Util::ERROR);
} else {
$row = $result->fetchRow();
if ($row && isset($row['recovery_enabled'])) {
$recoveryEnabled[] = $row['recovery_enabled'];
}
}
// If no record is found
if (empty($recoveryEnabled)) {
return false;
// If a record is found
} else {
return $recoveryEnabled[0];
}
} }
@ -270,32 +227,8 @@ class Util {
*/ */
public function setRecoveryForUser($enabled) { public function setRecoveryForUser($enabled) {
$recoveryStatus = $this->recoveryEnabledForUser(); $value = $enabled ? '1' : '0';
return \OC_Preferences::setValue($this->userId, 'files_encryption', 'recovery_enabled', $value);
// If a record for this user already exists, update it
if (false === $recoveryStatus) {
$sql = 'INSERT INTO `*PREFIX*encryption` (`uid`,`mode`,`recovery_enabled`) VALUES (?,?,?)';
$args = array(
$this->userId,
'server-side',
$enabled
);
// Create a new record instead
} else {
$sql = 'UPDATE `*PREFIX*encryption` SET `recovery_enabled` = ? WHERE `uid` = ?';
$args = array(
$enabled ? '1' : '0',
$this->userId
);
}
return is_numeric(\OC_DB::executeAudited($sql, $args));
} }
@ -1133,24 +1066,16 @@ class Util {
/** /**
* set migration status * set migration status
* @param int $status * @param int $status
* @param int $preCondition only update migration status if the previous value equals $preCondition
* @return boolean * @return boolean
*/ */
private function setMigrationStatus($status) { private function setMigrationStatus($status, $preCondition = null) {
$sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ?'; // convert to string if preCondition is set
$args = array($status, $this->userId); $preCondition = ($preCondition === null) ? null : (string)$preCondition;
$query = \OCP\DB::prepare($sql);
$manipulatedRows = $query->execute($args);
if ($manipulatedRows === 1) { return \OC_Preferences::setValue($this->userId, 'files_encryption', 'migration_status', (string)$status, $preCondition);
$result = true;
\OCP\Util::writeLog('Encryption library', "Migration status set to " . self::MIGRATION_OPEN, \OCP\Util::INFO);
} else {
$result = false;
\OCP\Util::writeLog('Encryption library', "Could not set migration status to " . self::MIGRATION_OPEN, \OCP\Util::WARN);
}
return $result;
} }
/** /**
@ -1159,7 +1084,7 @@ class Util {
*/ */
public function beginMigration() { public function beginMigration() {
$result = $this->setMigrationStatus(self::MIGRATION_IN_PROGRESS); $result = $this->setMigrationStatus(self::MIGRATION_IN_PROGRESS, self::MIGRATION_OPEN);
if ($result) { if ($result) {
\OCP\Util::writeLog('Encryption library', "Start migration to encryption mode for " . $this->userId, \OCP\Util::INFO); \OCP\Util::writeLog('Encryption library', "Start migration to encryption mode for " . $this->userId, \OCP\Util::INFO);
@ -1199,46 +1124,16 @@ class Util {
*/ */
public function getMigrationStatus() { public function getMigrationStatus() {
$sql = 'SELECT `migration_status` FROM `*PREFIX*encryption` WHERE `uid` = ?'; $migrationStatus = false;
if (\OCP\User::userExists($this->userId)) {
$args = array($this->userId); $migrationStatus = \OC_Preferences::getValue($this->userId, 'files_encryption', 'migration_status');
$query = \OCP\DB::prepare($sql); if ($migrationStatus === null) {
\OC_Preferences::setValue($this->userId, 'files_encryption', 'migration_status', (string)self::MIGRATION_OPEN);
$result = $query->execute($args); $migrationStatus = self::MIGRATION_OPEN;
$migrationStatus = array();
if (\OCP\DB::isError($result)) {
\OCP\Util::writeLog('Encryption library', \OC_DB::getErrorMessage($result), \OCP\Util::ERROR);
} else {
$row = $result->fetchRow();
if ($row && isset($row['migration_status'])) {
$migrationStatus[] = $row['migration_status'];
} }
} }
// If no record is found return (int)$migrationStatus;
if (empty($migrationStatus)) {
\OCP\Util::writeLog('Encryption library', "Could not get migration status for " . $this->userId . ", no record found", \OCP\Util::ERROR);
// insert missing entry in DB with status open if the user exists
if (\OCP\User::userExists($this->userId)) {
$sql = 'INSERT INTO `*PREFIX*encryption` (`uid`,`mode`,`recovery_enabled`,`migration_status`) VALUES (?,?,?,?)';
$args = array(
$this->userId,
'server-side',
0,
self::MIGRATION_OPEN
);
$query = \OCP\DB::prepare($sql);
$query->execute($args);
return self::MIGRATION_OPEN;
} else {
return false;
}
} else { // If a record is found
return (int)$migrationStatus[0];
}
} }

View file

@ -46,7 +46,7 @@
type='radio' type='radio'
name='userEnableRecovery' name='userEnableRecovery'
value='1' value='1'
<?php echo ( $_["recoveryEnabledForUser"] == 1 ? 'checked="checked"' : '' ); ?> /> <?php echo ( $_["recoveryEnabledForUser"] ? 'checked="checked"' : '' ); ?> />
<?php p( $l->t( "Enabled" ) ); ?> <?php p( $l->t( "Enabled" ) ); ?>
<br /> <br />
@ -54,7 +54,7 @@
type='radio' type='radio'
name='userEnableRecovery' name='userEnableRecovery'
value='0' value='0'
<?php echo ( $_["recoveryEnabledForUser"] == 0 ? 'checked="checked"' : '' ); ?> /> <?php echo ( $_["recoveryEnabledForUser"] === false ? 'checked="checked"' : '' ); ?> />
<?php p( $l->t( "Disabled" ) ); ?> <?php p( $l->t( "Disabled" ) ); ?>
<div id="recoveryEnabledSuccess"><?php p( $l->t( 'File recovery settings updated' ) ); ?></div> <div id="recoveryEnabledSuccess"><?php p( $l->t( 'File recovery settings updated' ) ); ?></div>
<div id="recoveryEnabledError"><?php p( $l->t( 'Could not update file recovery' ) ); ?></div> <div id="recoveryEnabledError"><?php p( $l->t( 'Could not update file recovery' ) ); ?></div>

View file

@ -100,6 +100,29 @@ class Test_Encryption_Hooks extends \PHPUnit_Framework_TestCase {
\OC_User::deleteUser(\Test_Encryption_Hooks::TEST_ENCRYPTION_HOOKS_USER2); \OC_User::deleteUser(\Test_Encryption_Hooks::TEST_ENCRYPTION_HOOKS_USER2);
} }
function testDisableHook() {
// encryption is enabled and running so we should have some user specific
// settings in oc_preferences
$query = \OC_DB::prepare('SELECT * FROM `*PREFIX*preferences` WHERE `appid` = ?');
$result = $query->execute(array('files_encryption'));
$row = $result->fetchRow();
$this->assertTrue(is_array($row));
// disabling the app should delete all user specific settings
\OCA\Encryption\Hooks::preDisable(array('app' => 'files_encryption'));
// check if user specific settings for the encryption app are really gone
$query = \OC_DB::prepare('SELECT * FROM `*PREFIX*preferences` WHERE `appid` = ?');
$result = $query->execute(array('files_encryption'));
$row = $result->fetchRow();
$this->assertFalse($row);
// relogin user to initialize the encryption again
$user = \OCP\User::getUser();
\Test_Encryption_Util::loginHelper($user);
}
function testDeleteHooks() { function testDeleteHooks() {
// remember files_trashbin state // remember files_trashbin state

View file

@ -236,17 +236,15 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase {
// Record the value so we can return it to it's original state later // Record the value so we can return it to it's original state later
$enabled = $util->recoveryEnabledForUser(); $enabled = $util->recoveryEnabledForUser();
$this->assertTrue($util->setRecoveryForUser(1)); $this->assertTrue($util->setRecoveryForUser(!$enabled));
$this->assertEquals(1, $util->recoveryEnabledForUser()); $this->assertEquals(!$enabled, $util->recoveryEnabledForUser());
$this->assertTrue($util->setRecoveryForUser(0));
$this->assertEquals(0, $util->recoveryEnabledForUser());
// Return the setting to it's previous state
$this->assertTrue($util->setRecoveryForUser($enabled)); $this->assertTrue($util->setRecoveryForUser($enabled));
$this->assertEquals($enabled, $util->recoveryEnabledForUser());
} }
/** /**
@ -587,18 +585,7 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase {
* @return boolean * @return boolean
*/ */
private function setMigrationStatus($status, $user) { private function setMigrationStatus($status, $user) {
$sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ?'; return \OC_Preferences::setValue($user, 'files_encryption', 'migration_status', (string)$status);
$args = array(
$status,
$user
);
$query = \OCP\DB::prepare($sql);
if ($query->execute($args)) {
return true;
} else {
return false;
}
} }
} }