diff --git a/apps/files/index.php b/apps/files/index.php
index 6f22fdfdc19bb4fccfbfae5d0b8b5d2c7b2dd9d5..42eac209b23980ae096c764527a6012c2a8e6c4f 100644
--- a/apps/files/index.php
+++ b/apps/files/index.php
@@ -104,8 +104,12 @@ if ($needUpgrade) {
$storageInfo=OC_Helper::getStorageInfo($dir);
$maxUploadFilesize=OCP\Util::maxUploadFilesize($dir);
$publicUploadEnabled = \OC_Appconfig::getValue('core', 'shareapi_allow_public_upload', 'yes');
+ // if the encryption app is disabled, than everything is fine (INIT_SUCCESSFUL status code)
+ $encryptionInitStatus = 2;
if (OC_App::isEnabled('files_encryption')) {
$publicUploadEnabled = 'no';
+ $session = new \OCA\Encryption\Session(new \OC\Files\View('/'));
+ $encryptionInitStatus = $session->getInitialized();
}
$trashEnabled = \OCP\App::isEnabled('files_trashbin');
@@ -113,7 +117,7 @@ if ($needUpgrade) {
if ($trashEnabled) {
$trashEmpty = \OCA\Files_Trashbin\Trashbin::isEmpty($user);
}
-
+
OCP\Util::addscript('files', 'fileactions');
OCP\Util::addscript('files', 'files');
OCP\Util::addscript('files', 'keyboardshortcuts');
@@ -133,6 +137,7 @@ if ($needUpgrade) {
$tmpl->assign('isPublic', false);
$tmpl->assign('publicUploadEnabled', $publicUploadEnabled);
$tmpl->assign("encryptedFiles", \OCP\Util::encryptedFiles());
+ $tmpl->assign("encryptionInitStatus", $encryptionInitStatus);
$tmpl->assign('disableSharing', false);
$tmpl->assign('ajaxLoad', $ajaxLoad);
$tmpl->printPage();
diff --git a/apps/files/js/files.js b/apps/files/js/files.js
index ec688eaf63efff3ea5d0dc70db8e85e08a45f2ac..899bc6469e503a74bf8b99a2bc7381ca5e169878 100644
--- a/apps/files/js/files.js
+++ b/apps/files/js/files.js
@@ -63,6 +63,15 @@ Files={
}
var encryptedFiles = $('#encryptedFiles').val();
+ var initStatus = $('#encryptionInitStatus').val();
+ if (initStatus === '0') { // enc not initialized, but should be
+ OC.Notification.show(t('files_encryption', 'Encryption App is enabled but your keys are not initialized, please log-out and log-in again'));
+ return;
+ }
+ if (initStatus === '1') { // encryption tried to init but failed
+ OC.Notification.showHtml(t('files_encryption', 'Invalid private key for Encryption App. Please update your private key password in your personal settings to recover access to your encrypted files.'));
+ return;
+ }
if (encryptedFiles === '1') {
OC.Notification.show(t('files_encryption', 'Encryption was disabled but your files are still encrypted. Please go to your personal settings to decrypt your files.'));
return;
diff --git a/apps/files/templates/index.php b/apps/files/templates/index.php
index 50a2720e1c061c4d6c324224aba50021e9e713c8..1c6cd267d8587d43ee5297c19934df12d5ea982f 100644
--- a/apps/files/templates/index.php
+++ b/apps/files/templates/index.php
@@ -116,3 +116,4 @@
<input type="hidden" name="allowZipDownload" id="allowZipDownload" value="<?php p($_['allowZipDownload']); ?>" />
<input type="hidden" name="usedSpacePercent" id="usedSpacePercent" value="<?php p($_['usedSpacePercent']); ?>" />
<input type="hidden" name="encryptedFiles" id="encryptedFiles" value="<?php $_['encryptedFiles'] ? p('1') : p('0'); ?>" />
+<input type="hidden" name="encryptedInitStatus" id="encryptionInitStatus" value="<?php p($_['encryptionInitStatus']) ?>" />
diff --git a/apps/files_encryption/ajax/updatePrivateKeyPassword.php b/apps/files_encryption/ajax/updatePrivateKeyPassword.php
index 1e6644da576f56bd8d8daae01506f2032942658a..29c72952ae9de4457cc5d63340c4caef9658615f 100644
--- a/apps/files_encryption/ajax/updatePrivateKeyPassword.php
+++ b/apps/files_encryption/ajax/updatePrivateKeyPassword.php
@@ -48,6 +48,7 @@ if ($decryptedKey) {
// success or failure
if ($return) {
+ $session->setInitialized(\OCA\Encryption\Session::INIT_SUCCESSFUL);
\OCP\JSON::success(array('data' => array('message' => $l->t('Private key password successfully updated.'))));
} else {
\OCP\JSON::error(array('data' => array('message' => $l->t('Could not update the private key password. Maybe the old password was not correct.'))));
diff --git a/apps/files_encryption/appinfo/app.php b/apps/files_encryption/appinfo/app.php
index 5b62b84e22366a2ed5233d6fa1bcf72b4bb2e7a7..c930ac9eca8be5cb9b88e3651a8771428613bf4c 100644
--- a/apps/files_encryption/appinfo/app.php
+++ b/apps/files_encryption/appinfo/app.php
@@ -43,23 +43,6 @@ if (!OC_Config::getValue('maintenance', false)) {
if($sessionReady) {
$session = new \OCA\Encryption\Session($view);
}
-
- $user = \OCP\USER::getUser();
- // check if user has a private key
- if ($sessionReady === false
- || (!$view->file_exists('/' . $user . '/files_encryption/' . $user . '.private.key')
- && OCA\Encryption\Crypt::mode() === 'server')
- ) {
-
- // Force the user to log-in again if the encryption key isn't unlocked
- // (happens when a user is logged in before the encryption app is
- // enabled)
- OCP\User::logout();
-
- header("Location: " . OC::$WEBROOT . '/');
-
- exit();
- }
}
} else {
// logout user if we are in maintenance to force re-login
diff --git a/apps/files_encryption/appinfo/version b/apps/files_encryption/appinfo/version
index bd73f47072b1fe4b9914ec14a7f6d47fcc8f816a..2eb3c4fe4eebcdea3da0790cc0ba74cb286ec4f4 100644
--- a/apps/files_encryption/appinfo/version
+++ b/apps/files_encryption/appinfo/version
@@ -1 +1 @@
-0.4
+0.5
diff --git a/apps/files_encryption/files/error.php b/apps/files_encryption/files/error.php
index 2dd27257abe45381c9cf357ffa51e23da9f1df91..ac0c0269164fd9ecc6437c617e143d3e16d56e2d 100644
--- a/apps/files_encryption/files/error.php
+++ b/apps/files_encryption/files/error.php
@@ -1,23 +1,33 @@
<?php
+
if (!isset($_)) { //also provide standalone error page
require_once __DIR__ . '/../../../lib/base.php';
$l = OC_L10N::get('files_encryption');
- $errorMsg = $l->t('Your private key is not valid! Likely your password was changed outside the ownCloud system (e.g. your corporate directory). You can update your private key password in your personal settings to recover access to your encrypted files.');
+ if (isset($_GET['i']) && $_GET['i'] === '0') {
+ $errorMsg = $l->t('Encryption app not initialized! Maybe the encryption app was re-enabled during your session. Please try to log out and log back in to initialize the encryption app.');
+ $init = '0';
+ } else {
+ $errorMsg = $l->t('Your private key is not valid! Likely your password was changed outside the ownCloud system (e.g. your corporate directory). You can update your private key password in your personal settings to recover access to your encrypted files.');
+ $init = '1';
+ }
- if(isset($_GET['p']) && $_GET['p'] === '1') {
+ if (isset($_GET['p']) && $_GET['p'] === '1') {
header('HTTP/1.0 404 ' . $errorMsg);
}
- // check if ajax request
- if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
+// check if ajax request
+ if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
\OCP\JSON::error(array('data' => array('message' => $errorMsg)));
} else {
header('HTTP/1.0 404 ' . $errorMsg);
$tmpl = new OC_Template('files_encryption', 'invalid_private_key', 'guest');
+ $tmpl->assign('message', $errorMsg);
+ $tmpl->assign('init', $init);
$tmpl->printPage();
}
exit;
}
+
diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php
index d9221c6e828a2539ed61ffe184f7e589ca978444..2df860a8e5772d49526e3bf8ac32f13d0c1b3ee3 100644
--- a/apps/files_encryption/hooks/hooks.php
+++ b/apps/files_encryption/hooks/hooks.php
@@ -159,7 +159,6 @@ class Hooks {
* @param array $params keys: uid, password
*/
public static function setPassphrase($params) {
-
// Only attempt to change passphrase if server-side encryption
// is in use (client-side encryption does not have access to
// the necessary keys)
@@ -543,14 +542,18 @@ class Hooks {
}
/**
- * set migration status back to '0' so that all new files get encrypted
+ * set migration status and the init status back to '0' so that all new files get encrypted
* if the app gets enabled again
* @param array $params contains the app ID
*/
public static function preDisable($params) {
if ($params['app'] === 'files_encryption') {
- $query = \OC_DB::prepare('UPDATE `*PREFIX*encryption` SET `migration_status`=0');
- $query->execute();
+
+ $setMigrationStatus = \OC_DB::prepare('UPDATE `*PREFIX*encryption` SET `migration_status`=0');
+ $setMigrationStatus->execute();
+
+ $session = new \OCA\Encryption\Session(new \OC\Files\View('/'));
+ $session->setInitialized(\OCA\Encryption\Session::NOT_INITIALIZED);
}
}
diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php
index 445d7ff8ca796ed911833df22685935578d2b316..ebfc00157f71820982baa7806b26cd49ee687486 100755
--- a/apps/files_encryption/lib/helper.php
+++ b/apps/files_encryption/lib/helper.php
@@ -199,12 +199,12 @@ class Helper {
public static function stripUserFilesPath($path) {
$trimmed = ltrim($path, '/');
$split = explode('/', $trimmed);
-
+
// it is not a file relative to data/user/files
if (count($split) < 3 || $split[1] !== 'files') {
return false;
}
-
+
$sliced = array_slice($split, 2);
$relPath = implode('/', $sliced);
@@ -219,30 +219,33 @@ class Helper {
public static function getPathToRealFile($path) {
$trimmed = ltrim($path, '/');
$split = explode('/', $trimmed);
-
+
if (count($split) < 3 || $split[1] !== "files_versions") {
return false;
}
-
+
$sliced = array_slice($split, 2);
$realPath = implode('/', $sliced);
//remove the last .v
$realPath = substr($realPath, 0, strrpos($realPath, '.v'));
return $realPath;
- }
-
+ }
+
/**
* @brief redirect to a error page
*/
- public static function redirectToErrorPage() {
+ public static function redirectToErrorPage($session) {
+
+ $init = $session->getInitialized();
+
$location = \OC_Helper::linkToAbsolute('apps/files_encryption/files', 'error.php');
$post = 0;
if(count($_POST) > 0) {
$post = 1;
- }
- header('Location: ' . $location . '?p=' . $post);
- exit();
+ }
+ header('Location: ' . $location . '?p=' . $post . '&i=' . $init);
+ exit();
}
/**
@@ -259,7 +262,7 @@ class Helper {
return (bool) $result;
}
-
+
/**
* check some common errors if the server isn't configured properly for encryption
* @return bool true if configuration seems to be OK
diff --git a/apps/files_encryption/lib/session.php b/apps/files_encryption/lib/session.php
index 1911386cd12f06832d2406071a4092942191c7d7..25f2198181f3db0baddd7924db9c5806da10179e 100644
--- a/apps/files_encryption/lib/session.php
+++ b/apps/files_encryption/lib/session.php
@@ -30,6 +30,11 @@ class Session {
private $view;
+ const NOT_INITIALIZED = '0';
+ const INIT_EXECUTED = '1';
+ const INIT_SUCCESSFUL = '2';
+
+
/**
* @brief if session is started, check if ownCloud key pair is set up, if not create it
* @param \OC_FilesystemView $view
@@ -112,6 +117,36 @@ class Session {
}
+ /**
+ * @brief Sets status of encryption app
+ * @param string $init INIT_SUCCESSFUL, INIT_EXECUTED, NOT_INOITIALIZED
+ * @return bool
+ *
+ * @note this doesn not indicate of the init was successful, we just remeber the try!
+ */
+ public function setInitialized($init) {
+
+ \OC::$session->set('encryptionInitialized', $init);
+
+ return true;
+
+ }
+
+
+ /**
+ * @brief Gets status if we already tried to initialize the encryption app
+ * @returns init status INIT_SUCCESSFUL, INIT_EXECUTED, NOT_INOITIALIZED
+ *
+ * @note this doesn not indicate of the init was successful, we just remeber the try!
+ */
+ public function getInitialized() {
+ if (!is_null(\OC::$session->get('encryptionInitialized'))) {
+ return \OC::$session->get('encryptionInitialized');
+ } else {
+ return self::NOT_INITIALIZED;
+ }
+ }
+
/**
* @brief Gets user or public share private key from session
* @returns string $privateKey The user's plaintext private key
diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php
index 083b33c03cbf2be40e674a8e509c3d5743975fb7..02955bb064e982b9020a90b788021e95c59011a0 100644
--- a/apps/files_encryption/lib/stream.php
+++ b/apps/files_encryption/lib/stream.php
@@ -131,7 +131,7 @@ class Stream {
if($this->privateKey === false) {
// if private key is not valid redirect user to a error page
- \OCA\Encryption\Helper::redirectToErrorPage();
+ \OCA\Encryption\Helper::redirectToErrorPage($this->session);
}
$this->size = $this->rootView->filesize($this->rawPath, $mode);
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php
index df4d35cab0b42076108403b380e0249425f13e33..53d58fbf40d601c6951d052f2f643f3a5b0a9b24 100644
--- a/apps/files_encryption/lib/util.php
+++ b/apps/files_encryption/lib/util.php
@@ -37,7 +37,6 @@ class Util {
const MIGRATION_IN_PROGRESS = -1; // migration is running
const MIGRATION_OPEN = 0; // user still needs to be migrated
-
private $view; // OC_FilesystemView object for filesystem operations
private $userId; // ID of the currently logged-in user
private $client; // Client side encryption mode flag
@@ -1752,6 +1751,11 @@ class Util {
*/
public function initEncryption($params) {
+ $session = new \OCA\Encryption\Session($this->view);
+
+ // we tried to initialize the encryption app for this session
+ $session->setInitialized(\OCA\Encryption\Session::INIT_EXECUTED);
+
$encryptedKey = Keymanager::getPrivateKey($this->view, $params['uid']);
$privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']);
@@ -1762,9 +1766,8 @@ class Util {
return false;
}
- $session = new \OCA\Encryption\Session($this->view);
-
$session->setPrivateKey($privateKey);
+ $session->setInitialized(\OCA\Encryption\Session::INIT_SUCCESSFUL);
return $session;
}
diff --git a/apps/files_encryption/settings-personal.php b/apps/files_encryption/settings-personal.php
index 589219f32ada5c05fcc112140861fe535ae62ce9..ffcb99602e2f6350affd7523a8b46d0d432572fa 100644
--- a/apps/files_encryption/settings-personal.php
+++ b/apps/files_encryption/settings-personal.php
@@ -16,7 +16,9 @@ $view = new \OC_FilesystemView('/');
$util = new \OCA\Encryption\Util($view, $user);
$session = new \OCA\Encryption\Session($view);
-$privateKeySet = $session->getPrivateKey() !== false;
+$privateKeySet = $session->getPrivateKey() !== false;
+// did we tried to initialize the keys for this session?
+$initialized = $session->getInitialized();
$recoveryAdminEnabled = OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled');
$recoveryEnabledForUser = $util->recoveryEnabledForUser();
@@ -31,6 +33,7 @@ if ($recoveryAdminEnabled || !$privateKeySet) {
$tmpl->assign('recoveryEnabled', $recoveryAdminEnabled);
$tmpl->assign('recoveryEnabledForUser', $recoveryEnabledForUser);
$tmpl->assign('privateKeySet', $privateKeySet);
+ $tmpl->assign('initialized', $initialized);
$result = $tmpl->fetchPage();
}
diff --git a/apps/files_encryption/templates/invalid_private_key.php b/apps/files_encryption/templates/invalid_private_key.php
index 5c086d6514c1297fb80d5aaea13b9cf90ff3a5ba..9af65f831b43949b8c9c2060351e73079ad154f8 100644
--- a/apps/files_encryption/templates/invalid_private_key.php
+++ b/apps/files_encryption/templates/invalid_private_key.php
@@ -2,9 +2,11 @@
<li class='error'>
<?php $location = \OC_Helper::linkToRoute( "settings_personal" ).'#changePKPasswd' ?>
- <?php p($l->t('Your private key is not valid! Maybe the your password was changed from outside.')); ?>
+ <?php p($_['message']); ?>
<br/>
- <?php p($l->t('You can unlock your private key in your ')); ?> <a href="<?php echo $location?>"><?php p($l->t('personal settings')); ?>.</a>
+ <?php if($_['init']): ?>
+ <?php>p($l->t('Go directly to your ')); ?> <a href="<?php echo $location?>"><?php p($l->t('personal settings')); ?>.</a>
+ <?php endif; ?>
<br/>
</li>
</ul>
diff --git a/apps/files_encryption/templates/settings-personal.php b/apps/files_encryption/templates/settings-personal.php
index 38512453207a0af2ab836589d427f1abc394ef16..ff04556dd53ef9e9d5e104e6aa05fc6db857562c 100644
--- a/apps/files_encryption/templates/settings-personal.php
+++ b/apps/files_encryption/templates/settings-personal.php
@@ -4,7 +4,7 @@
<?php p( $l->t( 'Encryption' ) ); ?>
</legend>
- <?php if ( ! $_["privateKeySet"] ): ?>
+ <?php if ( ! $_["privateKeySet"] && $_["initialized"] ): ?>
<p>
<a name="changePKPasswd" />
<label for="changePrivateKeyPasswd">
@@ -39,22 +39,22 @@
<?php endif; ?>
<br />
-
+
<?php if ( $_["recoveryEnabled"] && $_["privateKeySet"] ): ?>
<p>
<label for="userEnableRecovery"><?php p( $l->t( "Enable password recovery:" ) ); ?></label>
<br />
<em><?php p( $l->t( "Enabling this option will allow you to reobtain access to your encrypted files in case of password loss" ) ); ?></em>
<br />
- <input
+ <input
type='radio'
name='userEnableRecovery'
value='1'
<?php echo ( $_["recoveryEnabledForUser"] == 1 ? 'checked="checked"' : '' ); ?> />
<?php p( $l->t( "Enabled" ) ); ?>
<br />
-
- <input
+
+ <input
type='radio'
name='userEnableRecovery'
value='0'