789 lines
28 KiB
PHP
Executable file
789 lines
28 KiB
PHP
Executable file
<?php
|
|
/**
|
|
* ownCloud
|
|
*
|
|
* @author Florin Peter
|
|
* @copyright 2013 Florin Peter <owncloud@florin-peter.de>
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
|
* License as published by the Free Software Foundation; either
|
|
* version 3 of the License, or any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public
|
|
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
|
*
|
|
*/
|
|
|
|
require_once realpath(dirname(__FILE__) . '/../../../3rdparty/Crypt_Blowfish/Blowfish.php');
|
|
require_once realpath(dirname(__FILE__) . '/../../../lib/base.php');
|
|
require_once realpath(dirname(__FILE__) . '/../lib/crypt.php');
|
|
require_once realpath(dirname(__FILE__) . '/../lib/keymanager.php');
|
|
require_once realpath(dirname(__FILE__) . '/../lib/proxy.php');
|
|
require_once realpath(dirname(__FILE__) . '/../lib/stream.php');
|
|
require_once realpath(dirname(__FILE__) . '/../lib/util.php');
|
|
require_once realpath(dirname(__FILE__) . '/../lib/helper.php');
|
|
require_once realpath(dirname(__FILE__) . '/../appinfo/app.php');
|
|
|
|
use OCA\Encryption;
|
|
|
|
/**
|
|
* Class Test_Encryption_Share
|
|
*/
|
|
class Test_Encryption_Share extends \PHPUnit_Framework_TestCase
|
|
{
|
|
|
|
public $stateFilesTrashbin;
|
|
public $filename;
|
|
public $dataShort;
|
|
/**
|
|
* @var OC_FilesystemView
|
|
*/
|
|
public $view;
|
|
public $folder1;
|
|
public $subfolder;
|
|
public $subsubfolder;
|
|
|
|
function setUp()
|
|
{
|
|
// reset backend
|
|
\OC_User::clearBackends();
|
|
\OC_User::useBackend('database');
|
|
|
|
$this->dataShort = 'hats';
|
|
$this->view = new \OC_FilesystemView('/');
|
|
|
|
$userHome = \OC_User::getHome('admin');
|
|
$this->dataDir = str_replace('/admin', '', $userHome);
|
|
|
|
$this->folder1 = '/folder1';
|
|
$this->subfolder = '/subfolder1';
|
|
$this->subsubfolder = '/subsubfolder1';
|
|
|
|
$this->filename = 'share-tmp.test';
|
|
|
|
// enable resharing
|
|
\OC_Appconfig::setValue('core', 'shareapi_allow_resharing', 'yes');
|
|
|
|
// clear share hooks
|
|
\OC_Hook::clear('OCP\\Share');
|
|
\OC::registerShareHooks();
|
|
\OCP\Util::connectHook('OC_Filesystem', 'setup', '\OC\Files\Storage\Shared', 'setup');
|
|
|
|
// Sharing related hooks
|
|
\OCA\Encryption\Helper::registerShareHooks();
|
|
|
|
// Filesystem related hooks
|
|
\OCA\Encryption\Helper::registerFilesystemHooks();
|
|
|
|
\OC_FileProxy::register(new OCA\Encryption\Proxy());
|
|
|
|
// remember files_trashbin state
|
|
$this->stateFilesTrashbin = OC_App::isEnabled('files_trashbin');
|
|
|
|
// we don't want to tests with app files_trashbin enabled
|
|
\OC_App::disable('files_trashbin');
|
|
|
|
// create users
|
|
$this->loginHelper('user1', true);
|
|
$this->loginHelper('user2', true);
|
|
$this->loginHelper('user3', true);
|
|
|
|
// create group and assign users
|
|
\OC_Group::createGroup('group1');
|
|
\OC_Group::addToGroup('user2', 'group1');
|
|
\OC_Group::addToGroup('user3', 'group1');
|
|
}
|
|
|
|
function tearDown()
|
|
{
|
|
// reset app files_trashbin
|
|
if ($this->stateFilesTrashbin) {
|
|
OC_App::enable('files_trashbin');
|
|
} else {
|
|
OC_App::disable('files_trashbin');
|
|
}
|
|
|
|
// clean group
|
|
\OC_Group::deleteGroup('group1');
|
|
|
|
// cleanup users
|
|
\OC_User::deleteUser('user1');
|
|
\OC_User::deleteUser('user2');
|
|
\OC_User::deleteUser('user3');
|
|
|
|
\OC_FileProxy::clearProxies();
|
|
}
|
|
|
|
/**
|
|
* @param bool $withTeardown
|
|
*/
|
|
function testShareFile($withTeardown = true)
|
|
{
|
|
// login as admin
|
|
$this->loginHelper('admin');
|
|
|
|
// save file with content
|
|
$cryptedFile = file_put_contents('crypt://' . $this->filename, $this->dataShort);
|
|
|
|
// test that data was successfully written
|
|
$this->assertTrue(is_int($cryptedFile));
|
|
|
|
// disable encryption proxy to prevent recursive calls
|
|
$proxyStatus = \OC_FileProxy::$enabled;
|
|
\OC_FileProxy::$enabled = false;
|
|
|
|
// get the file info from previous created file
|
|
$fileInfo = $this->view->getFileInfo('/admin/files/' . $this->filename);
|
|
|
|
// check if we have a valid file info
|
|
$this->assertTrue(is_array($fileInfo));
|
|
|
|
// check if the unencrypted file size is stored
|
|
$this->assertGreaterThan(0, $fileInfo['unencrypted_size']);
|
|
|
|
// re-enable the file proxy
|
|
\OC_FileProxy::$enabled = $proxyStatus;
|
|
|
|
// share the file
|
|
\OCP\Share::shareItem('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user1', OCP\PERMISSION_ALL);
|
|
|
|
// login as admin
|
|
$this->loginHelper('admin');
|
|
|
|
// check if share key for user1 exists
|
|
$this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.user1.shareKey'));
|
|
|
|
// login as user1
|
|
$this->loginHelper('user1');
|
|
|
|
// get file contents
|
|
$retrievedCryptedFile = $this->view->file_get_contents('/user1/files/Shared/' . $this->filename);
|
|
|
|
// check if data is the same as we previously written
|
|
$this->assertEquals($this->dataShort, $retrievedCryptedFile);
|
|
|
|
// cleanup
|
|
if ($withTeardown) {
|
|
|
|
// login as admin
|
|
$this->loginHelper('admin');
|
|
|
|
// unshare the file
|
|
\OCP\Share::unshare('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user1');
|
|
|
|
// check if share key not exists
|
|
$this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.user1.shareKey'));
|
|
|
|
// cleanup
|
|
$this->view->unlink('/admin/files/' . $this->filename);
|
|
|
|
// check if share key not exists
|
|
$this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.admin.shareKey'));
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @param bool $withTeardown
|
|
*/
|
|
function testReShareFile($withTeardown = true)
|
|
{
|
|
$this->testShareFile(false);
|
|
|
|
// login as user1
|
|
$this->loginHelper('user1');
|
|
|
|
// get the file info
|
|
$fileInfo = $this->view->getFileInfo('/user1/files/Shared/' . $this->filename);
|
|
|
|
// share the file with user2
|
|
\OCP\Share::shareItem('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user2', OCP\PERMISSION_ALL);
|
|
|
|
// login as admin
|
|
$this->loginHelper('admin');
|
|
|
|
// check if share key for user2 exists
|
|
$this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.user2.shareKey'));
|
|
|
|
// login as user2
|
|
$this->loginHelper('user2');
|
|
|
|
// get file contents
|
|
$retrievedCryptedFile = $this->view->file_get_contents('/user2/files/Shared/' . $this->filename);
|
|
|
|
// check if data is the same as previously written
|
|
$this->assertEquals($this->dataShort, $retrievedCryptedFile);
|
|
|
|
// cleanup
|
|
if ($withTeardown) {
|
|
|
|
// login as user1
|
|
$this->loginHelper('user1');
|
|
|
|
// unshare the file with user2
|
|
\OCP\Share::unshare('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user2');
|
|
|
|
// login as admin
|
|
$this->loginHelper('admin');
|
|
|
|
// check if share key not exists
|
|
$this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.user2.shareKey'));
|
|
|
|
// unshare the file with user1
|
|
\OCP\Share::unshare('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user1');
|
|
|
|
// check if share key not exists
|
|
$this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.user1.shareKey'));
|
|
|
|
// cleanup
|
|
$this->view->unlink('/admin/files/' . $this->filename);
|
|
|
|
// check if share key not exists
|
|
$this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.admin.shareKey'));
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @param bool $withTeardown
|
|
* @return array
|
|
*/
|
|
function testShareFolder($withTeardown = true)
|
|
{
|
|
// login as admin
|
|
$this->loginHelper('admin');
|
|
|
|
// create folder structure
|
|
$this->view->mkdir('/admin/files' . $this->folder1);
|
|
$this->view->mkdir('/admin/files' . $this->folder1 . $this->subfolder);
|
|
$this->view->mkdir('/admin/files' . $this->folder1 . $this->subfolder . $this->subsubfolder);
|
|
|
|
// save file with content
|
|
$cryptedFile = file_put_contents('crypt://' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename, $this->dataShort);
|
|
|
|
// test that data was successfully written
|
|
$this->assertTrue(is_int($cryptedFile));
|
|
|
|
// disable encryption proxy to prevent recursive calls
|
|
$proxyStatus = \OC_FileProxy::$enabled;
|
|
\OC_FileProxy::$enabled = false;
|
|
|
|
// get the file info from previous created folder
|
|
$fileInfo = $this->view->getFileInfo('/admin/files' . $this->folder1);
|
|
|
|
// check if we have a valid file info
|
|
$this->assertTrue(is_array($fileInfo));
|
|
|
|
// re-enable the file proxy
|
|
\OC_FileProxy::$enabled = $proxyStatus;
|
|
|
|
// share the folder with user1
|
|
\OCP\Share::shareItem('folder', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user1', OCP\PERMISSION_ALL);
|
|
|
|
// login as admin
|
|
$this->loginHelper('admin');
|
|
|
|
// check if share key for user1 exists
|
|
$this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user1.shareKey'));
|
|
|
|
// login as user1
|
|
$this->loginHelper('user1');
|
|
|
|
// get file contents
|
|
$retrievedCryptedFile = $this->view->file_get_contents('/user1/files/Shared' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename);
|
|
|
|
// check if data is the same
|
|
$this->assertEquals($this->dataShort, $retrievedCryptedFile);
|
|
|
|
// cleanup
|
|
if ($withTeardown) {
|
|
|
|
// login as admin
|
|
$this->loginHelper('admin');
|
|
|
|
// unshare the folder with user1
|
|
\OCP\Share::unshare('folder', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user1');
|
|
|
|
// check if share key not exists
|
|
$this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user1.shareKey'));
|
|
|
|
// cleanup
|
|
$this->view->unlink('/admin/files' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename);
|
|
|
|
// check if share key not exists
|
|
$this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.admin.shareKey'));
|
|
}
|
|
|
|
return $fileInfo;
|
|
}
|
|
|
|
/**
|
|
* @param bool $withTeardown
|
|
*/
|
|
function testReShareFolder($withTeardown = true)
|
|
{
|
|
$fileInfoFolder1 = $this->testShareFolder(false);
|
|
|
|
// login as user1
|
|
$this->loginHelper('user1');
|
|
|
|
// disable encryption proxy to prevent recursive calls
|
|
$proxyStatus = \OC_FileProxy::$enabled;
|
|
\OC_FileProxy::$enabled = false;
|
|
|
|
// get the file info from previous created folder
|
|
$fileInfoSubFolder = $this->view->getFileInfo('/user1/files/Shared' . $this->folder1 . $this->subfolder);
|
|
|
|
// check if we have a valid file info
|
|
$this->assertTrue(is_array($fileInfoSubFolder));
|
|
|
|
// re-enable the file proxy
|
|
\OC_FileProxy::$enabled = $proxyStatus;
|
|
|
|
// share the file with user2
|
|
\OCP\Share::shareItem('folder', $fileInfoSubFolder['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user2', OCP\PERMISSION_ALL);
|
|
|
|
// login as admin
|
|
$this->loginHelper('admin');
|
|
|
|
// check if share key for user2 exists
|
|
$this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user2.shareKey'));
|
|
|
|
// login as user2
|
|
$this->loginHelper('user2');
|
|
|
|
// get file contents
|
|
$retrievedCryptedFile = $this->view->file_get_contents('/user2/files/Shared' . $this->subfolder . $this->subsubfolder . '/' . $this->filename);
|
|
|
|
// check if data is the same
|
|
$this->assertEquals($this->dataShort, $retrievedCryptedFile);
|
|
|
|
// get the file info
|
|
$fileInfo = $this->view->getFileInfo('/user2/files/Shared' . $this->subfolder . $this->subsubfolder . '/' . $this->filename);
|
|
|
|
// check if we have fileInfos
|
|
$this->assertTrue(is_array($fileInfo));
|
|
|
|
// share the file with user3
|
|
\OCP\Share::shareItem('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user3', OCP\PERMISSION_ALL);
|
|
|
|
// login as admin
|
|
$this->loginHelper('admin');
|
|
|
|
// check if share key for user3 exists
|
|
$this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user3.shareKey'));
|
|
|
|
// login as user3
|
|
$this->loginHelper('user3');
|
|
|
|
// get file contents
|
|
$retrievedCryptedFile = $this->view->file_get_contents('/user3/files/Shared/' . $this->filename);
|
|
|
|
// check if data is the same
|
|
$this->assertEquals($this->dataShort, $retrievedCryptedFile);
|
|
|
|
// cleanup
|
|
if ($withTeardown) {
|
|
|
|
// login as user2
|
|
$this->loginHelper('user2');
|
|
|
|
// unshare the file with user3
|
|
\OCP\Share::unshare('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user3');
|
|
|
|
// check if share key not exists
|
|
$this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user3.shareKey'));
|
|
|
|
// login as user1
|
|
$this->loginHelper('user1');
|
|
|
|
// unshare the folder with user2
|
|
\OCP\Share::unshare('folder', $fileInfoSubFolder['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user2');
|
|
|
|
// check if share key not exists
|
|
$this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user2.shareKey'));
|
|
|
|
// login as admin
|
|
$this->loginHelper('admin');
|
|
|
|
// unshare the folder1 with user1
|
|
\OCP\Share::unshare('folder', $fileInfoFolder1['fileid'], \OCP\Share::SHARE_TYPE_USER, 'user1');
|
|
|
|
// check if share key not exists
|
|
$this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user1.shareKey'));
|
|
|
|
// cleanup
|
|
$this->view->unlink('/admin/files' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename);
|
|
|
|
// check if share key not exists
|
|
$this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.admin.shareKey'));
|
|
}
|
|
}
|
|
|
|
function testPublicShareFile()
|
|
{
|
|
// login as admin
|
|
$this->loginHelper('admin');
|
|
|
|
// save file with content
|
|
$cryptedFile = file_put_contents('crypt://' . $this->filename, $this->dataShort);
|
|
|
|
// test that data was successfully written
|
|
$this->assertTrue(is_int($cryptedFile));
|
|
|
|
// disable encryption proxy to prevent recursive calls
|
|
$proxyStatus = \OC_FileProxy::$enabled;
|
|
\OC_FileProxy::$enabled = false;
|
|
|
|
// get the file info from previous created file
|
|
$fileInfo = $this->view->getFileInfo('/admin/files/' . $this->filename);
|
|
|
|
// check if we have a valid file info
|
|
$this->assertTrue(is_array($fileInfo));
|
|
|
|
// check if the unencrypted file size is stored
|
|
$this->assertGreaterThan(0, $fileInfo['unencrypted_size']);
|
|
|
|
// re-enable the file proxy
|
|
\OC_FileProxy::$enabled = $proxyStatus;
|
|
|
|
// share the file
|
|
\OCP\Share::shareItem('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_LINK, false, OCP\PERMISSION_ALL);
|
|
|
|
// login as admin
|
|
$this->loginHelper('admin');
|
|
|
|
$publicShareKeyId = \OC_Appconfig::getValue('files_encryption', 'publicShareKeyId');
|
|
|
|
// check if share key for public exists
|
|
$this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.' . $publicShareKeyId . '.shareKey'));
|
|
|
|
// some hacking to simulate public link
|
|
$GLOBALS['app'] = 'files_sharing';
|
|
$GLOBALS['fileOwner'] = 'admin';
|
|
\OC_User::setUserId('');
|
|
|
|
// get file contents
|
|
$retrievedCryptedFile = file_get_contents('crypt://' . $this->filename);
|
|
|
|
// check if data is the same as we previously written
|
|
$this->assertEquals($this->dataShort, $retrievedCryptedFile);
|
|
|
|
// tear down
|
|
|
|
// login as admin
|
|
$this->loginHelper('admin');
|
|
|
|
// unshare the file
|
|
\OCP\Share::unshare('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_LINK, null);
|
|
|
|
// check if share key not exists
|
|
$this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.' . $publicShareKeyId . '.shareKey'));
|
|
|
|
// cleanup
|
|
$this->view->unlink('/admin/files/' . $this->filename);
|
|
|
|
// check if share key not exists
|
|
$this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.admin.shareKey'));
|
|
}
|
|
|
|
function testShareFileWithGroup()
|
|
{
|
|
// login as admin
|
|
$this->loginHelper('admin');
|
|
|
|
// save file with content
|
|
$cryptedFile = file_put_contents('crypt://' . $this->filename, $this->dataShort);
|
|
|
|
// test that data was successfully written
|
|
$this->assertTrue(is_int($cryptedFile));
|
|
|
|
// disable encryption proxy to prevent recursive calls
|
|
$proxyStatus = \OC_FileProxy::$enabled;
|
|
\OC_FileProxy::$enabled = false;
|
|
|
|
// get the file info from previous created file
|
|
$fileInfo = $this->view->getFileInfo('/admin/files/' . $this->filename);
|
|
|
|
// check if we have a valid file info
|
|
$this->assertTrue(is_array($fileInfo));
|
|
|
|
// check if the unencrypted file size is stored
|
|
$this->assertGreaterThan(0, $fileInfo['unencrypted_size']);
|
|
|
|
// re-enable the file proxy
|
|
\OC_FileProxy::$enabled = $proxyStatus;
|
|
|
|
// share the file
|
|
\OCP\Share::shareItem('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, 'group1', OCP\PERMISSION_ALL);
|
|
|
|
// login as admin
|
|
$this->loginHelper('admin');
|
|
|
|
// check if share key for user2 and user3 exists
|
|
$this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.user2.shareKey'));
|
|
$this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.user3.shareKey'));
|
|
|
|
// login as user1
|
|
$this->loginHelper('user2');
|
|
|
|
// get file contents
|
|
$retrievedCryptedFile = $this->view->file_get_contents('/user2/files/Shared/' . $this->filename);
|
|
|
|
// check if data is the same as we previously written
|
|
$this->assertEquals($this->dataShort, $retrievedCryptedFile);
|
|
|
|
// login as admin
|
|
$this->loginHelper('admin');
|
|
|
|
// unshare the file
|
|
\OCP\Share::unshare('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, 'group1');
|
|
|
|
// check if share key not exists
|
|
$this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.user2.shareKey'));
|
|
$this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.user3.shareKey'));
|
|
|
|
// cleanup
|
|
$this->view->unlink('/admin/files/' . $this->filename);
|
|
|
|
// check if share key not exists
|
|
$this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.admin.shareKey'));
|
|
|
|
}
|
|
|
|
function testRecoveryFile()
|
|
{
|
|
\OCA\Encryption\Helper::adminEnableRecovery(null, 'test123');
|
|
$recoveryKeyId = OC_Appconfig::getValue('files_encryption', 'recoveryKeyId');
|
|
|
|
// check if control file created
|
|
$this->assertTrue($this->view->file_exists('/control-file/controlfile.enc'));
|
|
|
|
// login as admin
|
|
$this->loginHelper('admin');
|
|
|
|
$util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), 'admin');
|
|
|
|
// check if recovery password match
|
|
$this->assertTrue($util->checkRecoveryPassword('test123'));
|
|
|
|
// enable recovery for admin
|
|
$this->assertTrue($util->setRecoveryForUser(1));
|
|
|
|
// create folder structure
|
|
$this->view->mkdir('/admin/files' . $this->folder1);
|
|
$this->view->mkdir('/admin/files' . $this->folder1 . $this->subfolder);
|
|
$this->view->mkdir('/admin/files' . $this->folder1 . $this->subfolder . $this->subsubfolder);
|
|
|
|
// save file with content
|
|
$cryptedFile1 = file_put_contents('crypt://' . $this->filename, $this->dataShort);
|
|
$cryptedFile2 = file_put_contents('crypt://' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename, $this->dataShort);
|
|
|
|
// test that data was successfully written
|
|
$this->assertTrue(is_int($cryptedFile1));
|
|
$this->assertTrue(is_int($cryptedFile2));
|
|
|
|
// check if share key for admin and recovery exists
|
|
$this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.admin.shareKey'));
|
|
$this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.' . $recoveryKeyId . '.shareKey'));
|
|
$this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.admin.shareKey'));
|
|
$this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.' . $recoveryKeyId . '.shareKey'));
|
|
|
|
// disable recovery for admin
|
|
$this->assertTrue($util->setRecoveryForUser(0));
|
|
|
|
// remove all recovery keys
|
|
$util->removeRecoveryKeys('/');
|
|
|
|
// check if share key for recovery not exists
|
|
$this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.' . $recoveryKeyId . '.shareKey'));
|
|
$this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.' . $recoveryKeyId . '.shareKey'));
|
|
|
|
// enable recovery for admin
|
|
$this->assertTrue($util->setRecoveryForUser(1));
|
|
|
|
// remove all recovery keys
|
|
$util->addRecoveryKeys('/');
|
|
|
|
// check if share key for admin and recovery exists
|
|
$this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.' . $recoveryKeyId . '.shareKey'));
|
|
$this->assertTrue($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.' . $recoveryKeyId . '.shareKey'));
|
|
|
|
// cleanup
|
|
$this->view->unlink('/admin/files/' . $this->filename);
|
|
$this->view->unlink('/admin/files/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename);
|
|
|
|
// check if share key for recovery not exists
|
|
$this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.' . $recoveryKeyId . '.shareKey'));
|
|
$this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.' . $recoveryKeyId . '.shareKey'));
|
|
|
|
\OCA\Encryption\Helper::adminDisableRecovery('test123');
|
|
$this->assertEquals(0, \OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled'));
|
|
}
|
|
|
|
function testRecoveryForUser()
|
|
{
|
|
// login as admin
|
|
$this->loginHelper('admin');
|
|
|
|
\OCA\Encryption\Helper::adminEnableRecovery(null, 'test123');
|
|
$recoveryKeyId = OC_Appconfig::getValue('files_encryption', 'recoveryKeyId');
|
|
|
|
// check if control file created
|
|
$this->assertTrue($this->view->file_exists('/control-file/controlfile.enc'));
|
|
|
|
// login as user1
|
|
$this->loginHelper('user1');
|
|
|
|
$util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), 'user1');
|
|
|
|
// enable recovery for admin
|
|
$this->assertTrue($util->setRecoveryForUser(1));
|
|
|
|
// create folder structure
|
|
$this->view->mkdir('/user1/files' . $this->folder1);
|
|
$this->view->mkdir('/user1/files' . $this->folder1 . $this->subfolder);
|
|
$this->view->mkdir('/user1/files' . $this->folder1 . $this->subfolder . $this->subsubfolder);
|
|
|
|
// save file with content
|
|
$cryptedFile1 = file_put_contents('crypt://' . $this->filename, $this->dataShort);
|
|
$cryptedFile2 = file_put_contents('crypt://' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename, $this->dataShort);
|
|
|
|
// test that data was successfully written
|
|
$this->assertTrue(is_int($cryptedFile1));
|
|
$this->assertTrue(is_int($cryptedFile2));
|
|
|
|
// check if share key for user and recovery exists
|
|
$this->assertTrue($this->view->file_exists('/user1/files_encryption/share-keys/' . $this->filename . '.user1.shareKey'));
|
|
$this->assertTrue($this->view->file_exists('/user1/files_encryption/share-keys/' . $this->filename . '.' . $recoveryKeyId . '.shareKey'));
|
|
$this->assertTrue($this->view->file_exists('/user1/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user1.shareKey'));
|
|
$this->assertTrue($this->view->file_exists('/user1/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.' . $recoveryKeyId . '.shareKey'));
|
|
|
|
// login as admin
|
|
$this->loginHelper('admin');
|
|
|
|
// change password
|
|
\OC_User::setPassword('user1', 'test', 'test123');
|
|
|
|
// login as user1
|
|
$this->loginHelper('user1', false, 'test');
|
|
|
|
// get file contents
|
|
$retrievedCryptedFile1 = file_get_contents('crypt://' . $this->filename);
|
|
$retrievedCryptedFile2 = file_get_contents('crypt://' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename);
|
|
|
|
// check if data is the same as we previously written
|
|
$this->assertEquals($this->dataShort, $retrievedCryptedFile1);
|
|
$this->assertEquals($this->dataShort, $retrievedCryptedFile2);
|
|
|
|
// cleanup
|
|
$this->view->unlink('/user1/files' . $this->folder1);
|
|
$this->view->unlink('/user1/files' . $this->filename);
|
|
|
|
// check if share key for user and recovery exists
|
|
$this->assertFalse($this->view->file_exists('/user1/files_encryption/share-keys/' . $this->filename . '.user1.shareKey'));
|
|
$this->assertFalse($this->view->file_exists('/user1/files_encryption/share-keys/' . $this->filename . '.' . $recoveryKeyId . '.shareKey'));
|
|
$this->assertFalse($this->view->file_exists('/user1/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.user1.shareKey'));
|
|
$this->assertFalse($this->view->file_exists('/user1/files_encryption/share-keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '.' . $recoveryKeyId . '.shareKey'));
|
|
|
|
// enable recovery for admin
|
|
$this->assertTrue($util->setRecoveryForUser(0));
|
|
|
|
\OCA\Encryption\Helper::adminDisableRecovery('test123');
|
|
$this->assertEquals(0, \OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled'));
|
|
}
|
|
|
|
function testFailShareFile()
|
|
{
|
|
// login as admin
|
|
$this->loginHelper('admin');
|
|
|
|
// save file with content
|
|
$cryptedFile = file_put_contents('crypt://' . $this->filename, $this->dataShort);
|
|
|
|
// test that data was successfully written
|
|
$this->assertTrue(is_int($cryptedFile));
|
|
|
|
// disable encryption proxy to prevent recursive calls
|
|
$proxyStatus = \OC_FileProxy::$enabled;
|
|
\OC_FileProxy::$enabled = false;
|
|
|
|
// get the file info from previous created file
|
|
$fileInfo = $this->view->getFileInfo('/admin/files/' . $this->filename);
|
|
|
|
// check if we have a valid file info
|
|
$this->assertTrue(is_array($fileInfo));
|
|
|
|
// check if the unencrypted file size is stored
|
|
$this->assertGreaterThan(0, $fileInfo['unencrypted_size']);
|
|
|
|
// break users public key
|
|
$this->view->rename('/public-keys/user2.public.key', '/public-keys/user2.public.key_backup');
|
|
|
|
// re-enable the file proxy
|
|
\OC_FileProxy::$enabled = $proxyStatus;
|
|
|
|
// share the file
|
|
\OCP\Share::shareItem('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, 'group1', OCP\PERMISSION_ALL);
|
|
|
|
// login as admin
|
|
$this->loginHelper('admin');
|
|
|
|
// check if share key for user1 not exists
|
|
$this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.user2.shareKey'));
|
|
|
|
// disable encryption proxy to prevent recursive calls
|
|
$proxyStatus = \OC_FileProxy::$enabled;
|
|
\OC_FileProxy::$enabled = false;
|
|
|
|
// break user1 public key
|
|
$this->view->rename('/public-keys/user2.public.key_backup', '/public-keys/user2.public.key');
|
|
|
|
// remove share file
|
|
$this->view->unlink('/admin/files_encryption/share-keys/' . $this->filename . '.user2.shareKey');
|
|
|
|
// re-enable the file proxy
|
|
\OC_FileProxy::$enabled = $proxyStatus;
|
|
|
|
// unshare the file with user1
|
|
\OCP\Share::unshare('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, 'group1');
|
|
|
|
// check if share key not exists
|
|
$this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/' . $this->filename . '.user2.shareKey'));
|
|
|
|
// cleanup
|
|
$this->view->unlink('/admin/files/' . $this->filename);
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
* @param $user
|
|
* @param bool $create
|
|
* @param bool $password
|
|
*/
|
|
function loginHelper($user, $create = false, $password = false)
|
|
{
|
|
if ($create) {
|
|
\OC_User::createUser($user, $user);
|
|
}
|
|
|
|
if ($password === false) {
|
|
$password = $user;
|
|
}
|
|
|
|
\OC_Util::tearDownFS();
|
|
\OC_User::setUserId('');
|
|
\OC\Files\Filesystem::tearDown();
|
|
\OC_Util::setupFS($user);
|
|
\OC_User::setUserId($user);
|
|
|
|
$params['uid'] = $user;
|
|
$params['password'] = $password;
|
|
OCA\Encryption\Hooks::login($params);
|
|
}
|
|
}
|