use oc_preferences instead of oc_encryption to store encyption settings
This commit is contained in:
parent
2d83424a29
commit
eb29b2984c
9 changed files with 70 additions and 185 deletions
|
@ -1,39 +0,0 @@
|
||||||
<?xml version="1.0" encoding="ISO-8859-1" ?>
|
|
||||||
<database>
|
|
||||||
<name>*dbname*</name>
|
|
||||||
<create>true</create>
|
|
||||||
<overwrite>false</overwrite>
|
|
||||||
<charset>utf8</charset>
|
|
||||||
<table>
|
|
||||||
<name>*dbprefix*encryption</name>
|
|
||||||
<declaration>
|
|
||||||
<field>
|
|
||||||
<name>uid</name>
|
|
||||||
<type>text</type>
|
|
||||||
<notnull>true</notnull>
|
|
||||||
<length>64</length>
|
|
||||||
</field>
|
|
||||||
<field>
|
|
||||||
<name>mode</name>
|
|
||||||
<type>text</type>
|
|
||||||
<notnull>true</notnull>
|
|
||||||
<length>64</length>
|
|
||||||
<comments>What client-side / server-side configuration is used</comments>
|
|
||||||
</field>
|
|
||||||
<field>
|
|
||||||
<name>recovery_enabled</name>
|
|
||||||
<type>integer</type>
|
|
||||||
<notnull>true</notnull>
|
|
||||||
<default>0</default>
|
|
||||||
<comments>Whether encryption key recovery is enabled</comments>
|
|
||||||
</field>
|
|
||||||
<field>
|
|
||||||
<name>migration_status</name>
|
|
||||||
<type>integer</type>
|
|
||||||
<notnull>true</notnull>
|
|
||||||
<default>0</default>
|
|
||||||
<comments>Whether encryption migration has been performed</comments>
|
|
||||||
</field>
|
|
||||||
</declaration>
|
|
||||||
</table>
|
|
||||||
</database>
|
|
19
apps/files_encryption/appinfo/update.php
Normal file
19
apps/files_encryption/appinfo/update.php
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
$installedVersion=OCP\Config::getAppValue('files_encryption', 'installed_version');
|
||||||
|
// migrate settings from oc_encryption to oc_preferences
|
||||||
|
if (version_compare($installedVersion, '0.6', '<')) {
|
||||||
|
$sql = 'SELECT * FROM `*PREFIX*encryption`';
|
||||||
|
$query = \OCP\DB::prepare($sql);
|
||||||
|
$result = $query->execute(array())->fetchAll();
|
||||||
|
|
||||||
|
foreach ($result as $row) {
|
||||||
|
\OC_Preferences::setValue($row['uid'], 'files_encryption', 'recovery_enabled', $row['recovery_enabled']);
|
||||||
|
\OC_Preferences::setValue($row['uid'], 'files_encryption', 'migration_status', $row['migration_status']);
|
||||||
|
}
|
||||||
|
|
||||||
|
$deleteOldTable = 'DROP TABLE `*PREFIX*encryption`';
|
||||||
|
$query = \OCP\DB::prepare($deleteOldTable);
|
||||||
|
$query->execute(array());
|
||||||
|
|
||||||
|
}
|
|
@ -1 +1 @@
|
||||||
0.5
|
0.6
|
||||||
|
|
|
@ -530,8 +530,7 @@ class Hooks {
|
||||||
public static function preDisable($params) {
|
public static function preDisable($params) {
|
||||||
if ($params['app'] === 'files_encryption') {
|
if ($params['app'] === 'files_encryption') {
|
||||||
|
|
||||||
$setMigrationStatus = \OC_DB::prepare('UPDATE `*PREFIX*encryption` SET `migration_status`=0');
|
\OC_Preferences::deleteAppFromAllUsers('files_encryption');
|
||||||
$setMigrationStatus->execute();
|
|
||||||
|
|
||||||
$session = new \OCA\Encryption\Session(new \OC\Files\View('/'));
|
$session = new \OCA\Encryption\Session(new \OC\Files\View('/'));
|
||||||
$session->setInitialized(\OCA\Encryption\Session::NOT_INITIALIZED);
|
$session->setInitialized(\OCA\Encryption\Session::NOT_INITIALIZED);
|
||||||
|
|
|
@ -43,6 +43,7 @@ class Crypt {
|
||||||
* return encryption mode client or server side encryption
|
* return encryption mode client or server side encryption
|
||||||
* @param string $user name (use system wide setting if name=null)
|
* @param string $user name (use system wide setting if name=null)
|
||||||
* @return string 'client' or 'server'
|
* @return string 'client' or 'server'
|
||||||
|
* @note at the moment we only support server side encryption
|
||||||
*/
|
*/
|
||||||
public static function mode($user = null) {
|
public static function mode($user = null) {
|
||||||
|
|
||||||
|
|
|
@ -194,22 +194,6 @@ class Util {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// If there's no record for this user's encryption preferences
|
|
||||||
if (false === $this->recoveryEnabledForUser()) {
|
|
||||||
|
|
||||||
// create database configuration
|
|
||||||
$sql = 'INSERT INTO `*PREFIX*encryption` (`uid`,`mode`,`recovery_enabled`,`migration_status`) VALUES (?,?,?,?)';
|
|
||||||
$args = array(
|
|
||||||
$this->userId,
|
|
||||||
'server-side',
|
|
||||||
0,
|
|
||||||
self::MIGRATION_OPEN
|
|
||||||
);
|
|
||||||
$query = \OCP\DB::prepare($sql);
|
|
||||||
$query->execute($args);
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -230,36 +214,9 @@ class Util {
|
||||||
*/
|
*/
|
||||||
public function recoveryEnabledForUser() {
|
public function recoveryEnabledForUser() {
|
||||||
|
|
||||||
$sql = 'SELECT `recovery_enabled` FROM `*PREFIX*encryption` WHERE `uid` = ?';
|
$recoveryMode = \OC_Preferences::getValue($this->userId, 'files_encryption', 'recovery_enabled', '0');
|
||||||
|
|
||||||
$args = array($this->userId);
|
return ($recoveryMode === '1') ? true : false;
|
||||||
|
|
||||||
$query = \OCP\DB::prepare($sql);
|
|
||||||
|
|
||||||
$result = $query->execute($args);
|
|
||||||
|
|
||||||
$recoveryEnabled = array();
|
|
||||||
|
|
||||||
if (\OCP\DB::isError($result)) {
|
|
||||||
\OCP\Util::writeLog('Encryption library', \OC_DB::getErrorMessage($result), \OCP\Util::ERROR);
|
|
||||||
} else {
|
|
||||||
$row = $result->fetchRow();
|
|
||||||
if ($row && isset($row['recovery_enabled'])) {
|
|
||||||
$recoveryEnabled[] = $row['recovery_enabled'];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// If no record is found
|
|
||||||
if (empty($recoveryEnabled)) {
|
|
||||||
|
|
||||||
return false;
|
|
||||||
|
|
||||||
// If a record is found
|
|
||||||
} else {
|
|
||||||
|
|
||||||
return $recoveryEnabled[0];
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -270,32 +227,8 @@ class Util {
|
||||||
*/
|
*/
|
||||||
public function setRecoveryForUser($enabled) {
|
public function setRecoveryForUser($enabled) {
|
||||||
|
|
||||||
$recoveryStatus = $this->recoveryEnabledForUser();
|
$value = $enabled ? '1' : '0';
|
||||||
|
return \OC_Preferences::setValue($this->userId, 'files_encryption', 'recovery_enabled', $value);
|
||||||
// If a record for this user already exists, update it
|
|
||||||
if (false === $recoveryStatus) {
|
|
||||||
|
|
||||||
$sql = 'INSERT INTO `*PREFIX*encryption` (`uid`,`mode`,`recovery_enabled`) VALUES (?,?,?)';
|
|
||||||
|
|
||||||
$args = array(
|
|
||||||
$this->userId,
|
|
||||||
'server-side',
|
|
||||||
$enabled
|
|
||||||
);
|
|
||||||
|
|
||||||
// Create a new record instead
|
|
||||||
} else {
|
|
||||||
|
|
||||||
$sql = 'UPDATE `*PREFIX*encryption` SET `recovery_enabled` = ? WHERE `uid` = ?';
|
|
||||||
|
|
||||||
$args = array(
|
|
||||||
$enabled ? '1' : '0',
|
|
||||||
$this->userId
|
|
||||||
);
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
return is_numeric(\OC_DB::executeAudited($sql, $args));
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1133,24 +1066,16 @@ class Util {
|
||||||
/**
|
/**
|
||||||
* set migration status
|
* set migration status
|
||||||
* @param int $status
|
* @param int $status
|
||||||
|
* @param int $preCondition only update migration status if the previous value equals $preCondition
|
||||||
* @return boolean
|
* @return boolean
|
||||||
*/
|
*/
|
||||||
private function setMigrationStatus($status) {
|
private function setMigrationStatus($status, $preCondition = null) {
|
||||||
|
|
||||||
$sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ?';
|
// convert to string if preCondition is set
|
||||||
$args = array($status, $this->userId);
|
$preCondition = ($preCondition === null) ? null : (string)$preCondition;
|
||||||
$query = \OCP\DB::prepare($sql);
|
|
||||||
$manipulatedRows = $query->execute($args);
|
|
||||||
|
|
||||||
if ($manipulatedRows === 1) {
|
return \OC_Preferences::setValue($this->userId, 'files_encryption', 'migration_status', (string)$status, $preCondition);
|
||||||
$result = true;
|
|
||||||
\OCP\Util::writeLog('Encryption library', "Migration status set to " . self::MIGRATION_OPEN, \OCP\Util::INFO);
|
|
||||||
} else {
|
|
||||||
$result = false;
|
|
||||||
\OCP\Util::writeLog('Encryption library', "Could not set migration status to " . self::MIGRATION_OPEN, \OCP\Util::WARN);
|
|
||||||
}
|
|
||||||
|
|
||||||
return $result;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1159,7 +1084,7 @@ class Util {
|
||||||
*/
|
*/
|
||||||
public function beginMigration() {
|
public function beginMigration() {
|
||||||
|
|
||||||
$result = $this->setMigrationStatus(self::MIGRATION_IN_PROGRESS);
|
$result = $this->setMigrationStatus(self::MIGRATION_IN_PROGRESS, self::MIGRATION_OPEN);
|
||||||
|
|
||||||
if ($result) {
|
if ($result) {
|
||||||
\OCP\Util::writeLog('Encryption library', "Start migration to encryption mode for " . $this->userId, \OCP\Util::INFO);
|
\OCP\Util::writeLog('Encryption library', "Start migration to encryption mode for " . $this->userId, \OCP\Util::INFO);
|
||||||
|
@ -1199,46 +1124,16 @@ class Util {
|
||||||
*/
|
*/
|
||||||
public function getMigrationStatus() {
|
public function getMigrationStatus() {
|
||||||
|
|
||||||
$sql = 'SELECT `migration_status` FROM `*PREFIX*encryption` WHERE `uid` = ?';
|
$migrationStatus = false;
|
||||||
|
if (\OCP\User::userExists($this->userId)) {
|
||||||
$args = array($this->userId);
|
$migrationStatus = \OC_Preferences::getValue($this->userId, 'files_encryption', 'migration_status');
|
||||||
$query = \OCP\DB::prepare($sql);
|
if ($migrationStatus === null) {
|
||||||
|
\OC_Preferences::setValue($this->userId, 'files_encryption', 'migration_status', (string)self::MIGRATION_OPEN);
|
||||||
$result = $query->execute($args);
|
$migrationStatus = self::MIGRATION_OPEN;
|
||||||
|
|
||||||
$migrationStatus = array();
|
|
||||||
|
|
||||||
if (\OCP\DB::isError($result)) {
|
|
||||||
\OCP\Util::writeLog('Encryption library', \OC_DB::getErrorMessage($result), \OCP\Util::ERROR);
|
|
||||||
} else {
|
|
||||||
$row = $result->fetchRow();
|
|
||||||
if ($row && isset($row['migration_status'])) {
|
|
||||||
$migrationStatus[] = $row['migration_status'];
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// If no record is found
|
return (int)$migrationStatus;
|
||||||
if (empty($migrationStatus)) {
|
|
||||||
\OCP\Util::writeLog('Encryption library', "Could not get migration status for " . $this->userId . ", no record found", \OCP\Util::ERROR);
|
|
||||||
// insert missing entry in DB with status open if the user exists
|
|
||||||
if (\OCP\User::userExists($this->userId)) {
|
|
||||||
$sql = 'INSERT INTO `*PREFIX*encryption` (`uid`,`mode`,`recovery_enabled`,`migration_status`) VALUES (?,?,?,?)';
|
|
||||||
$args = array(
|
|
||||||
$this->userId,
|
|
||||||
'server-side',
|
|
||||||
0,
|
|
||||||
self::MIGRATION_OPEN
|
|
||||||
);
|
|
||||||
$query = \OCP\DB::prepare($sql);
|
|
||||||
$query->execute($args);
|
|
||||||
|
|
||||||
return self::MIGRATION_OPEN;
|
|
||||||
} else {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
} else { // If a record is found
|
|
||||||
return (int)$migrationStatus[0];
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -46,7 +46,7 @@
|
||||||
type='radio'
|
type='radio'
|
||||||
name='userEnableRecovery'
|
name='userEnableRecovery'
|
||||||
value='1'
|
value='1'
|
||||||
<?php echo ( $_["recoveryEnabledForUser"] == 1 ? 'checked="checked"' : '' ); ?> />
|
<?php echo ( $_["recoveryEnabledForUser"] ? 'checked="checked"' : '' ); ?> />
|
||||||
<?php p( $l->t( "Enabled" ) ); ?>
|
<?php p( $l->t( "Enabled" ) ); ?>
|
||||||
<br />
|
<br />
|
||||||
|
|
||||||
|
@ -54,7 +54,7 @@
|
||||||
type='radio'
|
type='radio'
|
||||||
name='userEnableRecovery'
|
name='userEnableRecovery'
|
||||||
value='0'
|
value='0'
|
||||||
<?php echo ( $_["recoveryEnabledForUser"] == 0 ? 'checked="checked"' : '' ); ?> />
|
<?php echo ( $_["recoveryEnabledForUser"] === false ? 'checked="checked"' : '' ); ?> />
|
||||||
<?php p( $l->t( "Disabled" ) ); ?>
|
<?php p( $l->t( "Disabled" ) ); ?>
|
||||||
<div id="recoveryEnabledSuccess"><?php p( $l->t( 'File recovery settings updated' ) ); ?></div>
|
<div id="recoveryEnabledSuccess"><?php p( $l->t( 'File recovery settings updated' ) ); ?></div>
|
||||||
<div id="recoveryEnabledError"><?php p( $l->t( 'Could not update file recovery' ) ); ?></div>
|
<div id="recoveryEnabledError"><?php p( $l->t( 'Could not update file recovery' ) ); ?></div>
|
||||||
|
|
|
@ -100,6 +100,29 @@ class Test_Encryption_Hooks extends \PHPUnit_Framework_TestCase {
|
||||||
\OC_User::deleteUser(\Test_Encryption_Hooks::TEST_ENCRYPTION_HOOKS_USER2);
|
\OC_User::deleteUser(\Test_Encryption_Hooks::TEST_ENCRYPTION_HOOKS_USER2);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function testDisableHook() {
|
||||||
|
// encryption is enabled and running so we should have some user specific
|
||||||
|
// settings in oc_preferences
|
||||||
|
$query = \OC_DB::prepare('SELECT * FROM `*PREFIX*preferences` WHERE `appid` = ?');
|
||||||
|
$result = $query->execute(array('files_encryption'));
|
||||||
|
$row = $result->fetchRow();
|
||||||
|
$this->assertTrue(is_array($row));
|
||||||
|
|
||||||
|
// disabling the app should delete all user specific settings
|
||||||
|
\OCA\Encryption\Hooks::preDisable(array('app' => 'files_encryption'));
|
||||||
|
|
||||||
|
// check if user specific settings for the encryption app are really gone
|
||||||
|
$query = \OC_DB::prepare('SELECT * FROM `*PREFIX*preferences` WHERE `appid` = ?');
|
||||||
|
$result = $query->execute(array('files_encryption'));
|
||||||
|
$row = $result->fetchRow();
|
||||||
|
$this->assertFalse($row);
|
||||||
|
|
||||||
|
// relogin user to initialize the encryption again
|
||||||
|
$user = \OCP\User::getUser();
|
||||||
|
\Test_Encryption_Util::loginHelper($user);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
function testDeleteHooks() {
|
function testDeleteHooks() {
|
||||||
|
|
||||||
// remember files_trashbin state
|
// remember files_trashbin state
|
||||||
|
|
|
@ -236,17 +236,15 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase {
|
||||||
// Record the value so we can return it to it's original state later
|
// Record the value so we can return it to it's original state later
|
||||||
$enabled = $util->recoveryEnabledForUser();
|
$enabled = $util->recoveryEnabledForUser();
|
||||||
|
|
||||||
$this->assertTrue($util->setRecoveryForUser(1));
|
$this->assertTrue($util->setRecoveryForUser(!$enabled));
|
||||||
|
|
||||||
$this->assertEquals(1, $util->recoveryEnabledForUser());
|
$this->assertEquals(!$enabled, $util->recoveryEnabledForUser());
|
||||||
|
|
||||||
$this->assertTrue($util->setRecoveryForUser(0));
|
|
||||||
|
|
||||||
$this->assertEquals(0, $util->recoveryEnabledForUser());
|
|
||||||
|
|
||||||
// Return the setting to it's previous state
|
|
||||||
$this->assertTrue($util->setRecoveryForUser($enabled));
|
$this->assertTrue($util->setRecoveryForUser($enabled));
|
||||||
|
|
||||||
|
$this->assertEquals($enabled, $util->recoveryEnabledForUser());
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -587,18 +585,7 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase {
|
||||||
* @return boolean
|
* @return boolean
|
||||||
*/
|
*/
|
||||||
private function setMigrationStatus($status, $user) {
|
private function setMigrationStatus($status, $user) {
|
||||||
$sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ?';
|
return \OC_Preferences::setValue($user, 'files_encryption', 'migration_status', (string)$status);
|
||||||
$args = array(
|
|
||||||
$status,
|
|
||||||
$user
|
|
||||||
);
|
|
||||||
|
|
||||||
$query = \OCP\DB::prepare($sql);
|
|
||||||
if ($query->execute($args)) {
|
|
||||||
return true;
|
|
||||||
} else {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue