diff --git a/apps/files_encryption/ajax/adminrecovery.php b/apps/files_encryption/ajax/adminrecovery.php
index c3c19943c0d20e203f01b6d957365fabc3210bd2..6a056dc7b3dca32edb366d7a233b3445ab94b3d9 100644
--- a/apps/files_encryption/ajax/adminrecovery.php
+++ b/apps/files_encryption/ajax/adminrecovery.php
@@ -1,4 +1,5 @@
<?php
+
/**
* Copyright (c) 2013, Sam Tuke <samtuke@owncloud.com>
* This file is licensed under the Affero General Public License version 3 or later.
@@ -6,87 +7,78 @@
*
* @brief Script to handle admin settings for encrypted key recovery
*/
-
use OCA\Encryption;
\OCP\JSON::checkAdminUser();
-\OCP\JSON::checkAppEnabled( 'files_encryption' );
+\OCP\JSON::checkAppEnabled('files_encryption');
\OCP\JSON::callCheck();
-$return = $doSetup = false;
+$return = false;
// Enable recoveryAdmin
-if (
- isset( $_POST['adminEnableRecovery'] )
- && 1 == $_POST['adminEnableRecovery']
-// && isset( $_POST['recoveryPassword'] )
-// && ! empty ( $_POST['recoveryPassword'] )
+
+if (
+ isset($_POST['adminEnableRecovery'])
+ && 1 == $_POST['adminEnableRecovery']
) {
- // TODO: Let the admin set this themselves
- $recoveryAdminUid = 'recoveryAdmin';
-
- // If desired recoveryAdmin UID is already in use
- if ( ! \OC_User::userExists( $recoveryAdminUid ) ) {
-
- // Create new recoveryAdmin user
- \OC_User::createUser( $recoveryAdminUid, $_POST['recoveryPassword'] );
-
- // Make recovery user an administrator
- \OC_Group::addToGroup ( $recoveryAdminUid, 'admin' );
-
- $doSetup = true;
-
- } else {
-
- // Get list of admin users
- $admins = OC_Group::usersInGroup( 'admin' );
-
- // If the existing recoveryAdmin UID is an admin
- if ( in_array( $recoveryAdminUid, $admins ) ) {
-
- // The desired recoveryAdmi UID pre-exists and can be used
- $doSetup = true;
-
- // If the recoveryAdmin UID exists but doesn't have admin rights
- } else {
-
- $return = false;
-
- }
-
+ $view = new \OC\Files\View('/');
+
+ $recoveryKeyId = OC_Appconfig::getValue('files_encryption', 'recoveryKeyId');
+
+ if ($recoveryKeyId === null) {
+ $recoveryKeyId = 'recovery_' . substr(md5(time()), 0, 8);
+ \OC_Appconfig::setValue('files_encryption', 'recoveryKeyId', $recoveryKeyId);
}
-
- // Setup recoveryAdmin user for encryption
- if ( $doSetup ) {
-
- $view = new \OC_FilesystemView( '/' );
- $util = new \OCA\Encryption\Util( $view, $recoveryAdminUid );
-
- // Ensure recoveryAdmin is ready for encryption (has usable keypair etc.)
- $util->setupServerSide( $_POST['recoveryPassword'] );
-
- // Store the UID in the DB
- OC_Appconfig::setValue( 'files_encryption', 'recoveryAdminUid', $recoveryAdminUid );
-
- $return = true;
-
+
+ if (!$view->is_dir('/owncloud_private_key')) {
+ $view->mkdir('/owncloud_private_key');
}
-
+
+ if (
+ (!$view->file_exists("/public-keys/" . $recoveryKeyId . ".public.key")
+ || !$view->file_exists("/owncloud_private_key/" . $recoveryKeyId . ".private.key"))
+ && isset($_POST['recoveryPassword'])
+ && !empty($_POST['recoveryPassword'])
+ ) {
+
+ $keypair = \OCA\Encryption\Crypt::createKeypair();
+
+ \OC_FileProxy::$enabled = false;
+
+ // Save public key
+
+ if (!$view->is_dir('/public-keys')) {
+ $view->mkdir('/public-keys');
+ }
+
+ $view->file_put_contents('/public-keys/' . $recoveryKeyId . '.public.key', $keypair['publicKey']);
+
+ // Encrypt private key empthy passphrase
+ $encryptedPrivateKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($keypair['privateKey'], $_POST['recoveryPassword']);
+
+ // Save private key
+ $view->file_put_contents('/owncloud_private_key/' . $recoveryKeyId . '.private.key', $encryptedPrivateKey);
+
+ \OC_FileProxy::$enabled = true;
+
+ }
+
// Set recoveryAdmin as enabled
- OC_Appconfig::setValue( 'files_encryption', 'recoveryAdminEnabled', 1 );
+ OC_Appconfig::setValue('files_encryption', 'recoveryAdminEnabled', 1);
+
+ $return = true;
// Disable recoveryAdmin
-} elseif (
- isset( $_POST['adminEnableRecovery'] )
- && 0 == $_POST['adminEnableRecovery']
+} elseif (
+ isset($_POST['adminEnableRecovery'])
+ && 0 == $_POST['adminEnableRecovery']
) {
-
- // Set recoveryAdmin as enabled
- OC_Appconfig::setValue( 'files_encryption', 'recoveryAdminEnabled', 0 );
-
- $return = true;
+ // Set recoveryAdmin as enabled
+ OC_Appconfig::setValue('files_encryption', 'recoveryAdminEnabled', 0);
+
+ $return = true;
}
// Return success or failure
diff --git a/apps/files_encryption/js/settings-admin.js b/apps/files_encryption/js/settings-admin.js
index 8e9c8c223061c88beac470f9b10b9fa190e60305..9cdb7aca68a2fc52e0e3480aa58d40c39cd3cafa 100644
--- a/apps/files_encryption/js/settings-admin.js
+++ b/apps/files_encryption/js/settings-admin.js
@@ -7,13 +7,6 @@
$(document).ready(function(){
- // Trigger ajax on filetype blacklist change
- $('#encryption_blacklist').multiSelect({
- oncheck:blackListChange,
- onuncheck:blackListChange,
- createText:'...'
- });
-
// Trigger ajax on recoveryAdmin status change
$( 'input:radio[name="adminEnableRecovery"]' ).change(
function() {
@@ -24,7 +17,7 @@ $(document).ready(function(){
if ( '' == recoveryPassword ) {
// FIXME: add proper OC notification
- alert( 'You must set a recovery account password first' );
+ alert( 'You must set a recovery account password first' );
} else {
diff --git a/apps/files_encryption/lib/session.php b/apps/files_encryption/lib/session.php
index 920f0b6a9a30919bf572585827ce9136ba5c1d18..5444d0215ca0afdade10e5f36f64f66fea1f6655 100644
--- a/apps/files_encryption/lib/session.php
+++ b/apps/files_encryption/lib/session.php
@@ -49,7 +49,7 @@ class Session {
$publicShareKeyId = \OC_Appconfig::getValue('files_encryption', 'publicShareKeyId');
if ($publicShareKeyId === null) {
- $publicShareKeyId = substr(md5(time()),0,8);
+ $publicShareKeyId = 'pubShare_'.substr(md5(time()),0,8);
\OC_Appconfig::setValue('files_encryption', 'publicShareKeyId', $publicShareKeyId);
}
@@ -57,13 +57,7 @@ class Session {
! $this->view->file_exists( "/public-keys/".$publicShareKeyId.".public.key" )
|| ! $this->view->file_exists( "/owncloud_private_key/".$publicShareKeyId.".private.key" )
) {
-
- //FIXME: Bug: for some reason file_exists is returning
- // false in above if statement, and causing new keys
- // to be generated on each page load. At last check
- // our app.php is being executed 18 times per page load
- // , causing 18 new keypairs and huge performance hit.
-
+
$keypair = Crypt::createKeypair();
\OC_FileProxy::$enabled = false;
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php
index 8162ae0a367a63a8e36ce78309a15abea51c1543..732f5fece85dfa90f42145ecb478b5833708dce4 100644
--- a/apps/files_encryption/lib/util.php
+++ b/apps/files_encryption/lib/util.php
@@ -958,10 +958,10 @@ class Util {
if ( $recoveryEnabled ) {
// Find recoveryAdmin user ID
- $recoveryAdminUid = \OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminUid' );
+ $recoveryKeyId = \OC_Appconfig::getValue( 'files_encryption', 'recoveryKeyId' );
// Add recoveryAdmin to list of users sharing
- $userIds[] = $recoveryAdminUid;
+ $userIds[] = $recoveryKeyId;
}
diff --git a/apps/files_encryption/templates/settings-admin.php b/apps/files_encryption/templates/settings-admin.php
index 863f1dfa9a5e79855c6c5542eb697580cb6e206e..be7beecf6966cef4017af166f6eb5bad1e7f97e4 100644
--- a/apps/files_encryption/templates/settings-admin.php
+++ b/apps/files_encryption/templates/settings-admin.php
@@ -4,25 +4,10 @@
<p>
<strong><?php p($l->t( 'Encryption' )); ?></strong>
<br />
-
- <?php p($l->t( "Exclude the following file types from encryption:" )); ?>
- <br />
-
- <select
- id='encryption_blacklist'
- title="<?php p($l->t( 'None' ))?>"
- multiple="multiple">
- <?php foreach($_["blacklist"] as $type): ?>
- <option selected="selected" value="<?php p($type); ?>"> <?php p($type); ?> </option>
- <?php endforeach;?>
- </select>
</p>
<p>
- <strong>
- <?php p($l->t( "Enable encryption passwords recovery account (allow sharing to recovery account):" )); ?>
+ <?php p($l->t( "Enable encryption passwords recovery key (allow sharing to recovery key):" )); ?>
<br />
- </strong>
- <?php p($l->t( "To perform a recovery log in using the 'recoveryAdmin' account and the specified password" )); ?>
<br />
<?php if ( empty( $_['recoveryAdminUid'] ) ): ?>
<input type="password" name="recoveryPassword" id="recoveryPassword" />