Commit 98bc1ad7 authored by Thomas Müller's avatar Thomas Müller
Browse files

Merge pull request #15265 from owncloud/enc2_fixes

core improvements for Encryption 2.0
parents e918bcf2 b5fad75e
...@@ -104,7 +104,7 @@ class Update { ...@@ -104,7 +104,7 @@ class Update {
foreach ($allFiles as $path) { foreach ($allFiles as $path) {
$usersSharing = $this->util->getSharingUsersArray($path); $usersSharing = $this->util->getSharingUsersArray($path);
$encryptionModule->update($absPath, $usersSharing); $encryptionModule->update($absPath, $this->uid, $usersSharing);
} }
} }
......
...@@ -389,9 +389,22 @@ class Util { ...@@ -389,9 +389,22 @@ class Util {
* @return boolean * @return boolean
*/ */
public function isExcluded($path) { public function isExcluded($path) {
$root = explode('/', $path, 2); $normalizedPath = \OC\Files\Filesystem::normalizePath($path);
if (isset($root[0])) { $root = explode('/', $normalizedPath, 4);
if (in_array($root[0], $this->excludedPaths)) { if (count($root) > 2) {
//detect system wide folders
if (in_array($root[1], $this->excludedPaths)) {
return true;
}
$v1 = $this->userManager->userExists($root[1]);
$v2 = in_array($root[2], $this->excludedPaths);
// detect user specific folders
if ($this->userManager->userExists($root[1])
&& in_array($root[2], $this->excludedPaths)) {
return true; return true;
} }
} }
......
...@@ -254,7 +254,7 @@ class Encryption extends Wrapper { ...@@ -254,7 +254,7 @@ class Encryption extends Wrapper {
'" not found, file will be stored unencrypted'); '" not found, file will be stored unencrypted');
} }
if($shouldEncrypt === true && !$this->util->isExcluded($path) && $encryptionModule !== null) { if($shouldEncrypt === true && !$this->util->isExcluded($fullPath) && $encryptionModule !== null) {
$source = $this->storage->fopen($path, $mode); $source = $this->storage->fopen($path, $mode);
$handle = \OC\Files\Stream\Encryption::wrap($source, $path, $fullPath, $header, $handle = \OC\Files\Stream\Encryption::wrap($source, $path, $fullPath, $header,
$this->uid, $encryptionModule, $this->storage, $this, $this->util, $mode, $this->uid, $encryptionModule, $this->storage, $this, $this->util, $mode,
......
...@@ -84,10 +84,11 @@ interface IEncryptionModule { ...@@ -84,10 +84,11 @@ interface IEncryptionModule {
* update encrypted file, e.g. give additional users access to the file * update encrypted file, e.g. give additional users access to the file
* *
* @param string $path path to the file which should be updated * @param string $path path to the file which should be updated
* @param string $uid of the user who performs the operation
* @param array $accessList who has access to the file contains the key 'users' and 'public' * @param array $accessList who has access to the file contains the key 'users' and 'public'
* @return boolean * @return boolean
*/ */
public function update($path, $accessList); public function update($path, $uid, $accessList);
/** /**
* should the file be encrypted or not * should the file be encrypted or not
......
...@@ -104,6 +104,14 @@ interface IStorage { ...@@ -104,6 +104,14 @@ interface IStorage {
*/ */
public function deleteFileKey($path, $keyId); public function deleteFileKey($path, $keyId);
/**
* delete all file keys for a given file
*
* @param string $path to the file
* @return boolean
*/
public function deleteAllFileKeys($path);
/** /**
* delete system-wide encryption keys not related to a specific user, * delete system-wide encryption keys not related to a specific user,
* e.g something like a key for public link shares * e.g something like a key for public link shares
......
...@@ -98,4 +98,39 @@ class UtilTest extends TestCase { ...@@ -98,4 +98,39 @@ class UtilTest extends TestCase {
$u->createHeader($header, $em); $u->createHeader($header, $em);
} }
/**
* @dataProvider providePathsForTestIsExcluded
*/
public function testIsEcluded($path, $expected) {
$this->userManager
->expects($this->any())
->method('userExists')
->will($this->returnCallback(array($this, 'isExcludedCallback')));
$u = new Util($this->view, $this->userManager);
$this->assertSame($expected,
$u->isExcluded($path)
);
}
public function providePathsForTestIsExcluded() {
return array(
array('files_encryption/foo.txt', true),
array('test/foo.txt', false),
array('/user1/files_encryption/foo.txt', true),
array('/user1/files/foo.txt', false),
);
}
public function isExcludedCallback() {
$args = func_get_args();
if ($args[0] === 'user1') {
return true;
}
return false;
}
} }
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment